Skip to content

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Learn

All guides
What is a CVE?
What is CVSS?
The CISA KEV catalog
What is EPSS?

Company

About us
Blog
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

Home
Vendors
Npm
Signalk Server

npm signalk-server Vulnerabilities: CVEs, CISA KEV & Security Advisories

13 CVEs

npm

npm signalk-server Vulnerabilities

CVE security advisories and vulnerability history for signalk-server by npm.

13

Total CVEs

Published

0

In CISA KEV

Exploited in the wild

12

Public exploits

With known exploit

7.0

Avg CVSS

2026–2026

Last updated May 9, 2026

Overview

npm signalk-server has 13 published CVE records since 2026, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 12 have a known public exploit. The average CVSS base score across scored CVEs is 7.0.

This page aggregates every publicly disclosed vulnerability (CVE) affecting npm signalk-server, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.

Severity and exploitation

How the CVSS severity of npm signalk-server's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical3

High4

Medium5

Low1

In CISA’s Known Exploited Vulnerabilities catalog

0

None of npm signalk-server's CVEs are currently listed in CISA's KEV catalog.

Public exploits

12

12 of npm signalk-server's CVEs have a known public exploit available.

Affected versions and CVEs

Browse every npm signalk-server version named in a CVE, then pick one to see only the CVEs that affect it.

Fixed in

2.19.05 CVEs
2.24.02 CVEs
2.25.02 CVEs
2.20.31 CVE
2.24.0-beta.11 CVE
2.24.0-beta.41 CVE
2.9.01 CVE

Find a version

13 CVEs

Sort

Signal K Server's WebSocket Login Endpoint Lacks Rate Limiting (Credential Brute-Force)
CVE-2026-41893
Public exploit
Patch
CWE-307
High · CVSS 8.7
EPSS 0.0% (11th pct)2026-05-09
Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths
CVE-2026-39320
Public exploit
Patch
CWE-1333
High · CVSS 7.5
EPSS 0.1% (23th pct)2026-04-21
signalk-server: Arbitrary Prototype Read via `from` Field Bypass
CVE-2026-35038
Public exploit
Patch
CWE-125
Low · CVSS 2.1
EPSS 0.1% (21th pct)2026-04-02
signalk-server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow
CVE-2026-34083
Public exploit
Patch
CWE-601
Medium · CVSS 6.1
EPSS 0.0% (7th pct)2026-04-02
signalk-server: Unauthenticated Source Priorities Manipulation
CVE-2026-33951
Patch
CWE-306
Medium · CVSS 6.9
EPSS 0.1% (28th pct)2026-04-02
signalk-server: Privilege Escalation by Admin Role Injection via /enableSecurity
CVE-2026-33950
Public exploit
Patch
CWE-285
Critical · CVSS 9.4
EPSS 0.0% (9th pct)2026-04-02
SignalK Server has Path Traversal leading to information disclosure
CVE-2026-25228
Public exploit
Patch
CWE-22
Medium · CVSS 5.0
EPSS 0.0% (6th pct)2026-02-02
Signal K Server Vulnerable to Access Request Spoofing
CVE-2025-69203
Public exploit
Patch
CWE-290
Medium · CVSS 6.3
EPSS 0.0% (6th pct)2026-01-01
Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package
CVE-2025-68619
Public exploit
Patch
CWE-94
High · CVSS 7.3
EPSS 0.1% (16th pct)2026-01-01
Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling
CVE-2025-68620
Public exploit
Patch
CWE-288
Critical · CVSS 9.1
EPSS 0.1% (18th pct)2026-01-01
Signal K Server Vulnerable to Unauthenticated Information Disclosure via Exposed Endpoints
CVE-2025-68273
Public exploit
Patch
CWE-200
Medium · CVSS 5.3
EPSS 0.0% (3th pct)2026-01-01
Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding
CVE-2025-68272
Public exploit
Patch
CWE-770
High · CVSS 7.5
EPSS 0.1% (25th pct)2026-01-01
Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)
CVE-2025-66398
Public exploit
Patch
CWE-78
Critical · CVSS 9.7
EPSS 0.1% (34th pct)2026-01-01

Common weakness types

The CWE weakness categories most often found in npm signalk-server CVEs. Follow any weakness for its full explanation.

CWE-125Out-of-bounds Read1 CVE
CWE-1333Inefficient Regular Expression Complexity1 CVE
CWE-200Exposure of Sensitive Information to an Unauthorized Actor1 CVE
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')1 CVE
CWE-285Improper Authorization1 CVE
CWE-288Authentication Bypass Using an Alternate Path or Channel1 CVE
CWE-290Authentication Bypass by Spoofing1 CVE
CWE-306Missing Authentication for Critical Function1 CVE

Other npm products

Browse vulnerabilities for other products by npm.

openclaw404 CVEs parse-server106 CVEs n8n62 CVEs directus53 CVEs electron48 CVEs flowise48 CVEs next47 CVEs vm232 CVEs

All npm vulnerabilities

Frequently asked questions

Common questions about npm signalk-server vulnerabilities.

How many CVEs does npm signalk-server have?

npm signalk-server has 13 published CVE records since 2026.

How many npm signalk-server CVEs are in CISA KEV?

None of npm signalk-server's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.

Are there public exploits for npm signalk-server vulnerabilities?

Yes — 12 of npm signalk-server's CVEs have a known public exploit.

Which versions of npm signalk-server are affected?

7 distinct npm signalk-server versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.

What are the most common weakness types in npm signalk-server CVEs?

npm signalk-server's CVEs most often map to these CWE weakness types: CWE-125 (Out-of-bounds Read), CWE-1333 (Inefficient Regular Expression Complexity), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')).

How many critical npm signalk-server vulnerabilities are there?

npm signalk-server has 3 critical and 4 high-severity CVEs.

What is the average severity of npm signalk-server CVEs?

The average CVSS base score across npm signalk-server's scored CVEs is 7.0.

References

All npm vulnerabilities
The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track npm signalk-server vulnerabilities

Monitor new npm signalk-server vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Affected versions and CVEs
Common weakness types
Other products
FAQ
References