8 matches found
org.webjars.npm:browser-sync-ui (=2.27.11), org.webjars.npm:nestjs__platform-socket.io (=9.0.0-next.2) +3 more potentially affected by CVE-2026-33151 via org.webjars.npm:socket.io-parser (>=2.3.1 <=4.2.5)
org.webjars.npm:socket.io-parser MAVEN version =2.3.1, =0.3.1, =0.5.0 - org.webjars.npm:socket.io-client =4.8.3 Source cves: CVE-2026-33151 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15680279...
Malicious code in socket.io-client-v2 (npm)
--- -= Per source details. Do not edit below this line.=-...
socket.io (>=3.0.0-rc1 <=3.0.0-rc4), socket.io-client (>=3.0.0-rc1 <=3.0.0-rc4) potentially affected by CVE-2022-2421 via socket.io-parser (>=4.0.1-rc1 <=4.0.1-rc3)
socket.io-parser NPM version =4.0.1-rc1, =3.0.0-rc1, =3.0.0-rc1, =3.0.0-rc4 Source cves: CVE-2022-2421 Source advisory: OSV:GHSA-QM95-PGCG-QQFQ...
cloud.metaapi.sdk:metaapi-java-sdk (>=7.1.0 <=14.0.9), com.after_sunrise.cryptocurrency:bitflyer4j (>=0.5.0 <=0.6.0) +70 more potentially affected by CVE-2022-25867 via io.socket:socket.io-client (>=0.6.1 <=2.0.0)
io.socket:socket.io-client MAVEN version =0.6.1, =7.1.0, =0.5.0, =0.2.0, =1.1.5, =1.0.4, =1.0.4, =1.2.1, =2.3.3, =1.0.1, =2.1.0, =1.0, =1.0.1 and more Source cves: CVE-2022-25867 Source advisory: OSV:GHSA-85XX-XHJM-RHRW...
GHSA-85XX-XHJM-RHRW Socket.IO-client Java before 2.0.1 vulnerable to NULL Pointer Dereference
The package io.socket:socket.io-client before 2.0.1 is vulnerable to NULL Pointer Dereference when parsing a packet with invalid payload format...
CVE-2022-25867
The package io.socket:socket.io-client before 2.0.1 is vulnerable to NULL Pointer Dereference when parsing a packet with invalid payload format...
io.github.comet-crypto:lib (>=0.2 <=0.2.3), io.socket:socket.io-server (>=3.0.0 <=3.0.1) potentially affected by CVE-2022-25867 via io.socket:socket.io-client (=2.0.0)
io.socket:socket.io-client MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on io.socket:socket.io-client and may be impacted: - io.github.comet-crypto:lib =0.2, =3.0.0, =3.0.1 Source cves: CVE-2022-25867 Source advisory:...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference when parsing a packet with invalid payload format. Remediation: Upgrade io.socket:socket.io-client to version 2.0.1 or higher. References - GitHub Commit - GitHub Commit - GitHub Issue - GitHub Release Credi...