VulnerableCode Package Details - pkg:npm/ws@0.4.16

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/ws@0.4.16

Essentials
History (6)

purl	pkg:npm/ws@0.4.16

Next non-vulnerable version	1.1.5
Latest non-vulnerable version	8.20.1
Risk	10.0

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-1z3q-ur77-xqf6 Aliases: GMS-2016-2	Remote Memory Disclosure When given a number instead of a string, the ping function sends a non zeroed buffer of the corresponding length which exposes memory to the recipient.	1.0.1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-a5uy-wfv9-gbbd Aliases: CVE-2016-10518 GHSA-2mhh-w6q8-5hxw	Remote Memory Disclosure in ws	1.0.1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-hhzr-sn73-sucg Aliases: GHSA-5v72-xg48-5rpm GMS-2019-145	Denial of Service in ws	1.1.5 Affected by 0 other vulnerabilities. 3.3.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-kxgy-dea9-r7hf Aliases: GMS-2017-331	Denial of Service A specially crafted value of the `Sec-WebSocket-Extensions` header that uses `Object.prototype` property names as extension or parameter names can be used to make a `ws` server crash.	3.3.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-us9s-zn4f-b3hz Aliases: CVE-2016-10542 GHSA-6663-c963-2gqg	DoS due to excessively large websocket message in ws	1.1.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vadr-5hv8-pkah Aliases: GMS-2016-38	DoS due to excessively large websocket message It is possible to crash the node process by sending an overly long websocket payload to a ws server.	1.1.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T17:11:42.740037+00:00	GitLab Importer	Affected by	VCID-hhzr-sn73-sucg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ws/GMS-2019-145.yml	38.6.0
2026-06-12T17:08:35.115920+00:00	GitLab Importer	Affected by	VCID-a5uy-wfv9-gbbd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ws/CVE-2016-10518.yml	38.6.0
2026-06-12T17:08:28.160741+00:00	GitLab Importer	Affected by	VCID-us9s-zn4f-b3hz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ws/CVE-2016-10542.yml	38.6.0
2026-06-12T16:55:57.990927+00:00	GitLab Importer	Affected by	VCID-kxgy-dea9-r7hf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ws/GMS-2017-331.yml	38.6.0
2026-06-12T16:50:27.684849+00:00	GitLab Importer	Affected by	VCID-vadr-5hv8-pkah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ws/GMS-2016-38.yml	38.6.0
2026-06-12T16:49:23.583190+00:00	GitLab Importer	Affected by	VCID-1z3q-ur77-xqf6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ws/GMS-2016-2.yml	38.6.0