Ws

This hub aggregates every CVE we track for Ws, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 7 most recently published vulnerabilities affecting Ws.

• CVE-2026-48779ws: Memory exhaustion DoS from tiny fragments and data chunks7.5Jun 16, 2026
• CVE-2026-45736ws: Uninitialized memory disclosure4.4May 15, 2026
• CVE-2024-37890Denial of service when handling a request with many HTTP headers in ws7.5Jun 17, 2024
• CVE-2021-32640ReDoS in Sec-Websocket-Protocol header5.3May 25, 2021
• CVE-2020-35896An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack.7.5Dec 31, 2020
• CVE-2016-10542ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` serv...7.5May 31, 2018
• CVE-2016-10518A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a...7.5May 31, 2018