Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/550534?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/550534?format=api", "purl": "pkg:npm/%40soketi/soketi@0.19.1", "type": "npm", "namespace": "@soketi", "name": "soketi", "version": "0.19.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.6.0", "latest_non_vulnerable_version": "1.6.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42007?format=api", "vulnerability_id": "VCID-6h1v-7r16-t7c3", "summary": "Denial of Service in soketi\n### Impact\n_What kind of vulnerability is it? Who is impacted?_\n\nThere was a wrong behavior when reading POST requests, making the server crash if it couldn't read the body. In case a POST request was sent to any endpoint of the server with an empty body, **even unauthenticated with the Pusher Protocol**, it would simply just crash the server for trying to send a response after the request closed.\n\nAll users that run the server are affected by it and it's highly recommended to upgrade to the latest patch.\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\nUpdating to at least or the latest version.\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\n\nNo. Upgrading is the only solution.\n\n### References\n_Are there any links users can visit to find out more?_\n\nhttps://github.com/soketi/soketi/releases/tag/0.24.1\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [the issues board](https://github.com/soketi/soketi/issues)\n* Email us at [alex@renoki.org](mailto:alex@renoki.org)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21667", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01227", "scoring_system": "epss", "scoring_elements": "0.7949", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01227", "scoring_system": "epss", "scoring_elements": "0.79475", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01227", "scoring_system": "epss", "scoring_elements": "0.79502", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01227", "scoring_system": "epss", "scoring_elements": "0.79508", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.01227", "scoring_system": "epss", "scoring_elements": "0.795", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21667" }, { "reference_url": "https://github.com/soketi/soketi", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/soketi/soketi" }, { "reference_url": "https://github.com/soketi/soketi/commit/4b12efef9c31117c36a0a0f1c3aa32114e86364b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:58:17Z/" } ], "url": "https://github.com/soketi/soketi/commit/4b12efef9c31117c36a0a0f1c3aa32114e86364b" }, { "reference_url": "https://github.com/soketi/soketi/releases/tag/0.24.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:58:17Z/" } ], "url": "https://github.com/soketi/soketi/releases/tag/0.24.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21667", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21667" }, { "reference_url": "https://github.com/advisories/GHSA-86ch-6w7v-v6xf", "reference_id": "GHSA-86ch-6w7v-v6xf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-86ch-6w7v-v6xf" }, { "reference_url": "https://github.com/soketi/soketi/security/advisories/GHSA-86ch-6w7v-v6xf", "reference_id": "GHSA-86ch-6w7v-v6xf", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:58:17Z/" } ], "url": "https://github.com/soketi/soketi/security/advisories/GHSA-86ch-6w7v-v6xf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60073?format=api", "purl": "pkg:npm/%40soketi/soketi@0.24.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-grwn-qms1-7fgq" }, { "vulnerability": "VCID-najf-jgbf-xker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540soketi/soketi@0.24.1" } ], "aliases": [ "CVE-2022-21667", "GHSA-86ch-6w7v-v6xf", "GMS-2022-2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6h1v-7r16-t7c3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42040?format=api", "vulnerability_id": "VCID-grwn-qms1-7fgq", "summary": "Zalgo-like output that crashes the server\n### Impact\n_What kind of vulnerability is it? Who is impacted?_\n\n[`colors`](https://npmjs.com/package/colors) package caused zalgo-like output (see https://github.com/soketi/soketi/issues/276, https://github.com/Marak/colors.js/issues/289) breaking the servers.\n\n**Only NPM users that recently upgraded or installed the NPM package are affected.**\n\nDocker users seem to not be affected as the dependencies were bundled at the time of the build, which were tested.\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\nLatest patch. `0.26.1` to be exact at the time of writing.\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\n\nYou cannot get around this as it's related to dependencies.\n\n### References\n_Are there any links users can visit to find out more?_\n\n- https://github.com/Marak/colors.js/issues/289\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [the issues board](https://github.com/soketi/soketi/issues)\n* Email us at [alex@renoki.org](mailto:alex@renoki.org)", "references": [ { "reference_url": "https://github.com/advisories/GHSA-2w8g-m5j8-7m87", "reference_id": "GHSA-2w8g-m5j8-7m87", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2w8g-m5j8-7m87" }, { "reference_url": "https://github.com/soketi/soketi/security/advisories/GHSA-2w8g-m5j8-7m87", "reference_id": "GHSA-2w8g-m5j8-7m87", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/soketi/soketi/security/advisories/GHSA-2w8g-m5j8-7m87" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60126?format=api", "purl": "pkg:npm/%40soketi/soketi@0.26.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-najf-jgbf-xker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540soketi/soketi@0.26.1" } ], "aliases": [ "GHSA-2w8g-m5j8-7m87", "GMS-2022-63" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-grwn-qms1-7fgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45779?format=api", "vulnerability_id": "VCID-najf-jgbf-xker", "summary": "Soketi was exposed to Sandbox Escape vulnerability via vm2\n### Impact\n_What kind of vulnerability is it? Who is impacted?_\nAnyone who might have used Soketi with the `cluster` driver (or through PM2).\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\nGet the latest version of Soketi.\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\nNone. It's advised to upgrade to the latest version.\n\n### References\n_Are there any links users can visit to find out more?_\n- https://github.com/advisories/GHSA-cchq-frgv-rjh5\n- https://github.com/patriksimek/vm2/issues/533\n- https://github.com/Unitech/pm2/issues/5643", "references": [ { "reference_url": "https://github.com/patriksimek/vm2/issues/533", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/patriksimek/vm2/issues/533" }, { "reference_url": "https://github.com/soketi/soketi", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/soketi/soketi" }, { "reference_url": "https://github.com/soketi/soketi/commit/de12bff706c0d62e6a57dc1c7be3c4f014d0093a", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/soketi/soketi/commit/de12bff706c0d62e6a57dc1c7be3c4f014d0093a" }, { "reference_url": "https://github.com/soketi/soketi/pull/927", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/soketi/soketi/pull/927" }, { "reference_url": "https://github.com/soketi/soketi/releases/tag/1.6.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/soketi/soketi/releases/tag/1.6.0" }, { "reference_url": "https://github.com/Unitech/pm2/issues/5643", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Unitech/pm2/issues/5643" }, { "reference_url": "https://github.com/advisories/GHSA-cchq-frgv-rjh5", "reference_id": "GHSA-cchq-frgv-rjh5", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cchq-frgv-rjh5" }, { "reference_url": "https://github.com/advisories/GHSA-g6w6-h933-4rc5", "reference_id": "GHSA-g6w6-h933-4rc5", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g6w6-h933-4rc5" }, { "reference_url": "https://github.com/soketi/soketi/security/advisories/GHSA-g6w6-h933-4rc5", "reference_id": "GHSA-g6w6-h933-4rc5", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/soketi/soketi/security/advisories/GHSA-g6w6-h933-4rc5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66439?format=api", "purl": "pkg:npm/%40soketi/soketi@1.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540soketi/soketi@1.6.0" } ], "aliases": [ "GHSA-g6w6-h933-4rc5", "GMS-2023-1877" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-najf-jgbf-xker" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540soketi/soketi@0.19.1" }