rexxars/sse-channel

GitHub

github.com

Releases22

Frequency6 months 2 weeks

Last Release about 1 month ago

Stars112

Server-Sent Events "channel" where all messages are broadcasted to all connected clients, history is maintained automatically and server attempts to keep clients alive by sending "keep-alive" packets automatically.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-44217 ↗	May 12, 2026Tuesday, 12 May 2026, 20:16	—	—
sse-channel is an SSE-implementation which can be used to any node.js http request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to event, retry or id fields are susceptible to event spoofing, where an attacker could inject arbitrary messages into the stream. This vulnerability is fixed in 4.0.1.