Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-2328-f5f3-gj25
  • npm/node-forge
 Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation) 26 Mar
  • Fix available
  • Severity - 7.4 (High)
GHSA-q67f-28xg-22rw
  • npm/node-forge
 Forge has signature forgery in Ed25519 due to missing S > L check 26 Mar
  • Fix available
  • Severity - 7.5 (High)
GHSA-ppp5-5v6c-4jwp
  • npm/node-forge
 Forge has signature forgery in RSA-PKCS due to ASN.1 extra field 26 Mar
  • Fix available
  • Severity - 7.5 (High)
GHSA-5m6q-g25r-mvwx
  • npm/node-forge
 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input 26 Mar
  • Fix available
  • Severity - 7.5 (High)
GHSA-554w-wpv2-vw27
  • npm/node-forge
 node-forge has ASN.1 Unbounded Recursion 26 Nov 2025
  • Fix available
  • Severity - 8.7 (High)
GHSA-65ch-62r8-g69g
  • npm/node-forge
 node-forge is vulnerable to ASN.1 OID Integer Truncation 26 Nov 2025
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-5gfm-wpxj-wjgq
  • npm/node-forge
 node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization 26 Nov 2025
  • Fix available
  • Severity - 8.7 (High)
GHSA-2r2c-g63r-vccr
  • npm/node-forge
 Improper Verification of Cryptographic Signature in `node-forge` 18 Mar 2022
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-x4jg-mjrx-434g
  • npm/node-forge
 Improper Verification of Cryptographic Signature in node-forge 18 Mar 2022
  • Fix available
  • Severity - 7.5 (High)
GHSA-cfm4-qjh2-4765
  • npm/node-forge
 Improper Verification of Cryptographic Signature in node-forge 18 Mar 2022
  • Fix available
  • Severity - 7.5 (High)
GHSA-8fr3-hfg3-gpgp
  • npm/node-forge
 Open Redirect in node-forge 21 Jan 2022
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-5rrq-pxf6-6jx5
  • npm/node-forge
 Prototype Pollution in node-forge debug API. 08 Jan 2022
  • Fix available
GHSA-wxgw-qj99-44c2
  • npm/node-forge
 Prototype Pollution in node-forge util.setPath API 08 Jan 2022
  • Fix available
GHSA-gf8q-jrpm-jvxq
  • npm/node-forge
 URL parsing in node-forge could lead to undesired behavior. 08 Jan 2022
  • Fix available
GHSA-92xj-mqp7-vmcj
  • npm/node-forge
 Prototype Pollution in node-forge 14 Sep 2020
  • Fix available
  • Severity - 9.8 (Critical)