Look up vulnerable packages by Package URL.

Purl pkg:npm/jsrsasign@8.0.11
Type npm
Namespace
Name jsrsasign
Version 8.0.11
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 11.1.1
Latest_non_vulnerable_version 11.1.1
Affected_by_vulnerabilities
0
url VCID-1va4-6h3w-h7an
vulnerability_id VCID-1va4-6h3w-h7an
summary
JWS and JWT signature validation vulnerability with special characters
### Impact

jsrsasign supports JWS (JSON Web Signature) and JWT (JSON Web Token) validation. However, a JWS or JWT signature containing special characters outside the Base64URL alphabet, or number-escaped characters, may be mistakenly accepted as valid.

For example, even if a string of non-Base64URL characters such as `!@$%` or `\11` is inserted into a valid JWS or JWT signature value string, the signature is still mistakenly accepted as valid.

When jsrsasign's JWS or JWT validation is used in OpenID Connect or OAuth2, this vulnerability affects authentication or authorization.

By our internal assessment, the CVSS 3.1 score is 8.6.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

### Patches
Users who validate JWS or JWT signatures should upgrade to 10.5.25.

### Workarounds
Before executing the JWS.verify() or JWS.verifyJWT() method, check that the JWS or JWT signature is a Base64URL- and dot-safe string.

### ACKNOWLEDGEMENT

Thanks to Adi Malyanker and Or David for this vulnerability report. Thanks also to the [Snyk security team](https://snyk.io/) for coordinating.

### References
https://github.com/kjur/jsrsasign/releases/tag/10.5.25
https://github.com/kjur/jsrsasign/security/advisories/GHSA-3fvg-4v2m-98jf kjur's advisories
https://github.com/advisories/GHSA-3fvg-4v2m-98jf github advisories
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25898
https://kjur.github.io/jsrsasign/api/symbols/KJUR.jws.JWS.html#.verifyJWT
https://kjur.github.io/jsrsasign/api/symbols/KJUR.jws.JWS.html#.verify
https://kjur.github.io/jsrsasign/api/symbols/global__.html#.isBase64URLDot
https://github.com/kjur/jsrsasign/wiki/Tutorial-for-JWS-verification
https://github.com/kjur/jsrsasign/wiki/Tutorial-for-JWT-verification
https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-2869122
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25898
reference_id
reference_type
scores
0
value 0.01775
scoring_system epss
scoring_elements 0.8305
published_at 2026-06-05T12:55:00Z
1
value 0.01775
scoring_system epss
scoring_elements 0.83023
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25898
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25898
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25898
2
reference_url https://github.com/kjur/jsrsasign
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign
3
reference_url https://github.com/kjur/jsrsasign/commit/4536a6e9e8bcf1a644ab7c07ed96e453347dae41
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/commit/4536a6e9e8bcf1a644ab7c07ed96e453347dae41
4
reference_url https://github.com/kjur/jsrsasign/releases/tag/10.5.25
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/releases/tag/10.5.25
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25898
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25898
6
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2935898
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2935898
7
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-2935897
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-2935897
8
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2935896
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2935896
9
reference_url https://snyk.io/vuln/SNYK-JS-JSRSASIGN-2869122
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-JSRSASIGN-2869122
10
reference_url https://github.com/advisories/GHSA-3fvg-4v2m-98jf
reference_id GHSA-3fvg-4v2m-98jf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3fvg-4v2m-98jf
11
reference_url https://github.com/kjur/jsrsasign/security/advisories/GHSA-3fvg-4v2m-98jf
reference_id GHSA-3fvg-4v2m-98jf
reference_type
scores
url https://github.com/kjur/jsrsasign/security/advisories/GHSA-3fvg-4v2m-98jf
fixed_packages
0
url pkg:npm/jsrsasign@10.5.25
purl pkg:npm/jsrsasign@10.5.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ax2w-kcpr-rffk
1
vulnerability VCID-b7u7-uwdr-vbgs
2
vulnerability VCID-bgv2-wbuc-wqcj
3
vulnerability VCID-q2dz-12f5-zbgg
4
vulnerability VCID-qayx-46yz-d3b8
5
vulnerability VCID-r434-j4qg-r3bx
6
vulnerability VCID-sm4v-ac3f-6yha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsrsasign@10.5.25
aliases CVE-2022-25898, GHSA-3fvg-4v2m-98jf, GMS-2022-2707
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1va4-6h3w-h7an
1
url VCID-3c19-m13f-vbf1
vulnerability_id VCID-3c19-m13f-vbf1
summary
Improper Verification of Cryptographic Signature
In the jsrsasign package for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-30246
reference_id
reference_type
scores
0
value 0.002
scoring_system epss
scoring_elements 0.42072
published_at 2026-06-05T12:55:00Z
1
value 0.002
scoring_system epss
scoring_elements 0.41998
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-30246
1
reference_url https://github.com/kjur/jsrsasign/issues/478
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/issues/478
2
reference_url https://github.com/kjur/jsrsasign/releases/tag/10.1.13
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/releases/tag/10.1.13
3
reference_url https://github.com/kjur/jsrsasign/security/advisories/GHSA-27fj-mc8w-j9wg
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/security/advisories/GHSA-27fj-mc8w-j9wg
4
reference_url https://kjur.github.io/jsrsasign
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://kjur.github.io/jsrsasign
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-30246
reference_id CVE-2021-30246
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-30246
fixed_packages
0
url pkg:npm/jsrsasign@10.2.0
purl pkg:npm/jsrsasign@10.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1va4-6h3w-h7an
1
vulnerability VCID-ax2w-kcpr-rffk
2
vulnerability VCID-b7u7-uwdr-vbgs
3
vulnerability VCID-bgv2-wbuc-wqcj
4
vulnerability VCID-q2dz-12f5-zbgg
5
vulnerability VCID-qayx-46yz-d3b8
6
vulnerability VCID-r434-j4qg-r3bx
7
vulnerability VCID-sm4v-ac3f-6yha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsrsasign@10.2.0
aliases CVE-2021-30246, GHSA-27fj-mc8w-j9wg
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3c19-m13f-vbf1
2
url VCID-ax2w-kcpr-rffk
vulnerability_id VCID-ax2w-kcpr-rffk
summary jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4599.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4599.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4599
reference_id
reference_type
scores
0
value 0.00057
scoring_system epss
scoring_elements 0.1826
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4599
2
reference_url https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:39:36Z/
url https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20
3
reference_url https://github.com/kjur/jsrsasign
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign
4
reference_url https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:39:36Z/
url https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1
5
reference_url https://github.com/kjur/jsrsasign/pull/647
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:39:36Z/
url https://github.com/kjur/jsrsasign/pull/647
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4599
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4599
7
reference_url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:39:36Z/
url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450207
reference_id 2450207
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2450207
9
reference_url https://github.com/advisories/GHSA-5jx8-q4cp-rhh6
reference_id GHSA-5jx8-q4cp-rhh6
reference_type
scores
url https://github.com/advisories/GHSA-5jx8-q4cp-rhh6
10
reference_url https://access.redhat.com/errata/RHSA-2026:19375
reference_id RHSA-2026:19375
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19375
11
reference_url https://access.redhat.com/errata/RHSA-2026:19409
reference_id RHSA-2026:19409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19409
12
reference_url https://access.redhat.com/errata/RHSA-2026:19410
reference_id RHSA-2026:19410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19410
13
reference_url https://access.redhat.com/errata/RHSA-2026:6568
reference_id RHSA-2026:6568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6568
14
reference_url https://access.redhat.com/errata/RHSA-2026:6720
reference_id RHSA-2026:6720
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6720
15
reference_url https://access.redhat.com/errata/RHSA-2026:6912
reference_id RHSA-2026:6912
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6912
16
reference_url https://access.redhat.com/errata/RHSA-2026:6926
reference_id RHSA-2026:6926
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6926
fixed_packages
0
url pkg:npm/jsrsasign@11.1.1
purl pkg:npm/jsrsasign@11.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsrsasign@11.1.1
aliases CVE-2026-4599, GHSA-5jx8-q4cp-rhh6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ax2w-kcpr-rffk
3
url VCID-b7u7-uwdr-vbgs
vulnerability_id VCID-b7u7-uwdr-vbgs
summary jsrsasign: jsrsasign: Private Key Recovery via Missing Cryptographic Step in DSA Signing
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4601.json
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4601.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4601
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.06901
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4601
2
reference_url https://gist.github.com/Kr0emer/93789fe6efe5519db9692d4ad1dad586
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:P
2
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:P
3
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:41:01Z/
url https://gist.github.com/Kr0emer/93789fe6efe5519db9692d4ad1dad586
3
reference_url https://github.com/kjur/jsrsasign
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign
4
reference_url https://github.com/kjur/jsrsasign/commit/0710e392ec35de697ce11e4219c988ba2b5fe0eb
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:P
2
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:P
3
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:41:01Z/
url https://github.com/kjur/jsrsasign/commit/0710e392ec35de697ce11e4219c988ba2b5fe0eb
5
reference_url https://github.com/kjur/jsrsasign/pull/645
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:P
1
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
2
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:P
3
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:41:01Z/
url https://github.com/kjur/jsrsasign/pull/645
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4601
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4601
7
reference_url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370941
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:P
2
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:P
3
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:41:01Z/
url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370941
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450209
reference_id 2450209
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2450209
9
reference_url https://github.com/advisories/GHSA-w8q8-93cx-6h7r
reference_id GHSA-w8q8-93cx-6h7r
reference_type
scores
url https://github.com/advisories/GHSA-w8q8-93cx-6h7r
10
reference_url https://access.redhat.com/errata/RHSA-2026:19375
reference_id RHSA-2026:19375
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19375
11
reference_url https://access.redhat.com/errata/RHSA-2026:19409
reference_id RHSA-2026:19409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19409
12
reference_url https://access.redhat.com/errata/RHSA-2026:19410
reference_id RHSA-2026:19410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19410
13
reference_url https://access.redhat.com/errata/RHSA-2026:6568
reference_id RHSA-2026:6568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6568
14
reference_url https://access.redhat.com/errata/RHSA-2026:6720
reference_id RHSA-2026:6720
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6720
15
reference_url https://access.redhat.com/errata/RHSA-2026:6912
reference_id RHSA-2026:6912
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6912
16
reference_url https://access.redhat.com/errata/RHSA-2026:6926
reference_id RHSA-2026:6926
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6926
fixed_packages
0
url pkg:npm/jsrsasign@11.1.1
purl pkg:npm/jsrsasign@11.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsrsasign@11.1.1
aliases CVE-2026-4601, GHSA-w8q8-93cx-6h7r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7u7-uwdr-vbgs
4
url VCID-bgv2-wbuc-wqcj
vulnerability_id VCID-bgv2-wbuc-wqcj
summary jsrsasign: jsrsasign: Cryptographic operations impacted by division by zero via malicious JSON Web Key
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4603.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4603.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4603
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01953
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4603
2
reference_url https://gist.github.com/Kr0emer/5366b7364c4fbf7e754bc377f321e9f3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P
2
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value LOW
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T14:42:08Z/
url https://gist.github.com/Kr0emer/5366b7364c4fbf7e754bc377f321e9f3
3
reference_url https://github.com/kjur/jsrsasign
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign
4
reference_url https://github.com/kjur/jsrsasign/commit/dc41d49fac4297e7a737a3ef8ebd0aa9c49ef93f
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value LOW
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T14:42:08Z/
url https://github.com/kjur/jsrsasign/commit/dc41d49fac4297e7a737a3ef8ebd0aa9c49ef93f
5
reference_url https://github.com/kjur/jsrsasign/pull/649
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P
2
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value LOW
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T14:42:08Z/
url https://github.com/kjur/jsrsasign/pull/649
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4603
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4603
7
reference_url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371176
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P
2
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value LOW
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T14:42:08Z/
url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371176
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450205
reference_id 2450205
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2450205
9
reference_url https://github.com/advisories/GHSA-464q-cqxq-xhgr
reference_id GHSA-464q-cqxq-xhgr
reference_type
scores
url https://github.com/advisories/GHSA-464q-cqxq-xhgr
fixed_packages
0
url pkg:npm/jsrsasign@11.1.1
purl pkg:npm/jsrsasign@11.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsrsasign@11.1.1
aliases CVE-2026-4603, GHSA-464q-cqxq-xhgr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bgv2-wbuc-wqcj
5
url VCID-ddcm-ym8f-33hf
vulnerability_id VCID-ddcm-ym8f-33hf
summary
Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in the jsrsasign package for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending `\0` bytes to a signature (it accepts these modified signatures as valid). An attacker can abuse this behavior in an application by creating multiple valid signatures where only one signature should exist. Also, an attacker might prepend these bytes with the goal of triggering memory corruption issues.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14968
reference_id
reference_type
scores
0
value 0.00546
scoring_system epss
scoring_elements 0.68205
published_at 2026-06-05T12:55:00Z
1
value 0.00546
scoring_system epss
scoring_elements 0.68165
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14968
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14968
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14968
2
reference_url https://github.com/kjur/jsrsasign
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign
3
reference_url https://github.com/kjur/jsrsasign/commit/3bcc088c727658d7235854cd2a409a904cc2ce99
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/commit/3bcc088c727658d7235854cd2a409a904cc2ce99
4
reference_url https://github.com/kjur/jsrsasign/issues/438
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/issues/438
5
reference_url https://github.com/kjur/jsrsasign/releases/tag/8.0.17
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/releases/tag/8.0.17
6
reference_url https://github.com/kjur/jsrsasign/releases/tag/8.0.18
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/releases/tag/8.0.18
7
reference_url https://github.com/kjur/jsrsasign/security/advisories/GHSA-q3gh-5r98-j4h3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/security/advisories/GHSA-q3gh-5r98-j4h3
8
reference_url https://kjur.github.io/jsrsasign
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://kjur.github.io/jsrsasign
9
reference_url https://kjur.github.io/jsrsasign/
reference_id
reference_type
scores
url https://kjur.github.io/jsrsasign/
10
reference_url https://kjur.github.io/jsrsasign/api/symbols/RSAKey.html#.verifyWithMessageHashPSS
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://kjur.github.io/jsrsasign/api/symbols/RSAKey.html#.verifyWithMessageHashPSS
11
reference_url https://security.netapp.com/advisory/ntap-20200724-0001
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200724-0001
12
reference_url https://security.netapp.com/advisory/ntap-20200724-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200724-0001/
13
reference_url https://vuldb.com/?id.157125
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://vuldb.com/?id.157125
14
reference_url https://www.npmjs.com/advisories/1541
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1541
15
reference_url https://www.npmjs.com/package/jsrsasign
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/jsrsasign
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14968
reference_id CVE-2020-14968
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-14968
17
reference_url https://github.com/advisories/GHSA-q3gh-5r98-j4h3
reference_id GHSA-q3gh-5r98-j4h3
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q3gh-5r98-j4h3
fixed_packages
0
url pkg:npm/jsrsasign@8.0.17
purl pkg:npm/jsrsasign@8.0.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1va4-6h3w-h7an
1
vulnerability VCID-3c19-m13f-vbf1
2
vulnerability VCID-ax2w-kcpr-rffk
3
vulnerability VCID-b7u7-uwdr-vbgs
4
vulnerability VCID-bgv2-wbuc-wqcj
5
vulnerability VCID-nu2y-1xy7-fff5
6
vulnerability VCID-q2dz-12f5-zbgg
7
vulnerability VCID-qayx-46yz-d3b8
8
vulnerability VCID-r434-j4qg-r3bx
9
vulnerability VCID-sm4v-ac3f-6yha
10
vulnerability VCID-tqjx-apth-9qh1
11
vulnerability VCID-y36k-rayk-dyh8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsrsasign@8.0.17
aliases CVE-2020-14968, GHSA-q3gh-5r98-j4h3
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ddcm-ym8f-33hf
6
url VCID-nu2y-1xy7-fff5
vulnerability_id VCID-nu2y-1xy7-fff5
summary
Improper Verification of Cryptographic Signature
An issue was discovered in the jsrsasign package for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and `0` characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a security-relevant impact if an application relied on a single canonical signature.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14966
reference_id
reference_type
scores
0
value 0.0028
scoring_system epss
scoring_elements 0.51635
published_at 2026-06-05T12:55:00Z
1
value 0.0028
scoring_system epss
scoring_elements 0.51576
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14966
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14966
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14966
2
reference_url https://github.com/kjur/jsrsasign
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign
3
reference_url https://github.com/kjur/jsrsasign/commit/6087412d072a57074d3c4c1b40bdde0460d53a7f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/commit/6087412d072a57074d3c4c1b40bdde0460d53a7f
4
reference_url https://github.com/kjur/jsrsasign/issues/437
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/issues/437
5
reference_url https://github.com/kjur/jsrsasign/releases/tag/8.0.17
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/releases/tag/8.0.17
6
reference_url https://github.com/kjur/jsrsasign/releases/tag/8.0.18
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/releases/tag/8.0.18
7
reference_url https://github.com/kjur/jsrsasign/security/advisories/GHSA-p8c3-7rj8-q963
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/security/advisories/GHSA-p8c3-7rj8-q963
8
reference_url https://kjur.github.io/jsrsasign
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://kjur.github.io/jsrsasign
9
reference_url https://kjur.github.io/jsrsasign/
reference_id
reference_type
scores
url https://kjur.github.io/jsrsasign/
10
reference_url https://kjur.github.io/jsrsasign/api/symbols/ASN1HEX.html#.checkStrictDER
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://kjur.github.io/jsrsasign/api/symbols/ASN1HEX.html#.checkStrictDER
11
reference_url https://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.ECDSA.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.ECDSA.html
12
reference_url https://security.netapp.com/advisory/ntap-20200724-0001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200724-0001
13
reference_url https://security.netapp.com/advisory/ntap-20200724-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200724-0001/
14
reference_url https://vuldb.com/?id.157123
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://vuldb.com/?id.157123
15
reference_url https://www.npmjs.com/package/jsrsasign
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/jsrsasign
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14966
reference_id CVE-2020-14966
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-14966
17
reference_url https://github.com/advisories/GHSA-p8c3-7rj8-q963
reference_id GHSA-p8c3-7rj8-q963
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p8c3-7rj8-q963
fixed_packages
0
url pkg:npm/jsrsasign@8.0.19
purl pkg:npm/jsrsasign@8.0.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1va4-6h3w-h7an
1
vulnerability VCID-3c19-m13f-vbf1
2
vulnerability VCID-ax2w-kcpr-rffk
3
vulnerability VCID-b7u7-uwdr-vbgs
4
vulnerability VCID-bgv2-wbuc-wqcj
5
vulnerability VCID-q2dz-12f5-zbgg
6
vulnerability VCID-qayx-46yz-d3b8
7
vulnerability VCID-r434-j4qg-r3bx
8
vulnerability VCID-sm4v-ac3f-6yha
9
vulnerability VCID-tqjx-apth-9qh1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsrsasign@8.0.19
aliases CVE-2020-14966, GHSA-p8c3-7rj8-q963
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nu2y-1xy7-fff5
7
url VCID-q2dz-12f5-zbgg
vulnerability_id VCID-q2dz-12f5-zbgg
summary jsrsasign: Signature verification bypass via negative exponent handling
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4602.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4602.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4602
reference_id
reference_type
scores
0
value 0.00078
scoring_system epss
scoring_elements 0.23423
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4602
2
reference_url https://gist.github.com/Kr0emer/7ecd2be7d17419e4677315ef3758faf5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-23T14:37:35Z/
url https://gist.github.com/Kr0emer/7ecd2be7d17419e4677315ef3758faf5
3
reference_url https://github.com/kjur/jsrsasign
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign
4
reference_url https://github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f98728195
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-23T14:37:35Z/
url https://github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f98728195
5
reference_url https://github.com/kjur/jsrsasign/pull/650
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-23T14:37:35Z/
url https://github.com/kjur/jsrsasign/pull/650
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4602
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4602
7
reference_url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371175
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-23T14:37:35Z/
url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371175
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450206
reference_id 2450206
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2450206
9
reference_url https://github.com/advisories/GHSA-8qwj-4jxw-m8jw
reference_id GHSA-8qwj-4jxw-m8jw
reference_type
scores
url https://github.com/advisories/GHSA-8qwj-4jxw-m8jw
10
reference_url https://access.redhat.com/errata/RHSA-2026:19375
reference_id RHSA-2026:19375
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19375
11
reference_url https://access.redhat.com/errata/RHSA-2026:19409
reference_id RHSA-2026:19409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19409
12
reference_url https://access.redhat.com/errata/RHSA-2026:19410
reference_id RHSA-2026:19410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19410
13
reference_url https://access.redhat.com/errata/RHSA-2026:6568
reference_id RHSA-2026:6568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6568
14
reference_url https://access.redhat.com/errata/RHSA-2026:6720
reference_id RHSA-2026:6720
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6720
15
reference_url https://access.redhat.com/errata/RHSA-2026:6912
reference_id RHSA-2026:6912
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6912
16
reference_url https://access.redhat.com/errata/RHSA-2026:6926
reference_id RHSA-2026:6926
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6926
fixed_packages
0
url pkg:npm/jsrsasign@11.1.1
purl pkg:npm/jsrsasign@11.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsrsasign@11.1.1
aliases CVE-2026-4602, GHSA-8qwj-4jxw-m8jw
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q2dz-12f5-zbgg
8
url VCID-qayx-46yz-d3b8
vulnerability_id VCID-qayx-46yz-d3b8
summary jsrsasign: Denial of Service via infinite loop in bnModInverse function with crafted inputs
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4598.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4598.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4598
reference_id
reference_type
scores
0
value 0.00078
scoring_system epss
scoring_elements 0.23423
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4598
2
reference_url https://gist.github.com/Kr0emer/a1bf5cd4547cc630d2dcc5e761de8264
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-23T14:37:02Z/
url https://gist.github.com/Kr0emer/a1bf5cd4547cc630d2dcc5e761de8264
3
reference_url https://github.com/kjur/jsrsasign
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign
4
reference_url https://github.com/kjur/jsrsasign/commit/ca5b027240287a1e71fe63019fc4400332594323
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-23T14:37:02Z/
url https://github.com/kjur/jsrsasign/commit/ca5b027240287a1e71fe63019fc4400332594323
5
reference_url https://github.com/kjur/jsrsasign/pull/648
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-23T14:37:02Z/
url https://github.com/kjur/jsrsasign/pull/648
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4598
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4598
7
reference_url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370938
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-23T14:37:02Z/
url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370938
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450210
reference_id 2450210
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2450210
9
reference_url https://github.com/advisories/GHSA-8g7p-jf3g-gxcp
reference_id GHSA-8g7p-jf3g-gxcp
reference_type
scores
url https://github.com/advisories/GHSA-8g7p-jf3g-gxcp
10
reference_url https://access.redhat.com/errata/RHSA-2026:19375
reference_id RHSA-2026:19375
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19375
11
reference_url https://access.redhat.com/errata/RHSA-2026:19409
reference_id RHSA-2026:19409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19409
12
reference_url https://access.redhat.com/errata/RHSA-2026:19410
reference_id RHSA-2026:19410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19410
13
reference_url https://access.redhat.com/errata/RHSA-2026:22840
reference_id RHSA-2026:22840
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22840
14
reference_url https://access.redhat.com/errata/RHSA-2026:23361
reference_id RHSA-2026:23361
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:23361
15
reference_url https://access.redhat.com/errata/RHSA-2026:6568
reference_id RHSA-2026:6568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6568
16
reference_url https://access.redhat.com/errata/RHSA-2026:6720
reference_id RHSA-2026:6720
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6720
fixed_packages
0
url pkg:npm/jsrsasign@11.1.1
purl pkg:npm/jsrsasign@11.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsrsasign@11.1.1
aliases CVE-2026-4598, GHSA-8g7p-jf3g-gxcp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qayx-46yz-d3b8
9
url VCID-r434-j4qg-r3bx
vulnerability_id VCID-r434-j4qg-r3bx
summary
Marvin Attack of RSA and RSAOAEP decryption in jsrsasign
### Impact
RSA PKCS#1.5 or RSAOAEP ciphertexts may be decrypted by this Marvin attack vulnerability.

### Patches
Update to jsrsasign 11.0.0.

### Workarounds
Find uses of RSA and RSAOAEP decryption and replace them with another crypto library.

### References
https://people.redhat.com/~hkario/marvin/
https://github.com/kjur/jsrsasign/issues/598
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21484.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21484.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-21484
reference_id
reference_type
scores
0
value 0.0024
scoring_system epss
scoring_elements 0.47278
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-21484
2
reference_url https://github.com/kjur/jsrsasign
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign
3
reference_url https://github.com/kjur/jsrsasign/issues/598
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-23T16:15:40Z/
url https://github.com/kjur/jsrsasign/issues/598
4
reference_url https://github.com/kjur/jsrsasign/releases/tag/11.0.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-23T16:15:40Z/
url https://github.com/kjur/jsrsasign/releases/tag/11.0.0
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21484
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-21484
6
reference_url https://people.redhat.com/~hkario/marvin
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://people.redhat.com/~hkario/marvin
7
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-23T16:15:40Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734
8
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-23T16:15:40Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733
9
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-23T16:15:40Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732
10
reference_url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-23T16:15:40Z/
url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2259531
reference_id 2259531
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2259531
12
reference_url https://github.com/advisories/GHSA-rh63-9qcf-83gf
reference_id GHSA-rh63-9qcf-83gf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rh63-9qcf-83gf
13
reference_url https://github.com/kjur/jsrsasign/security/advisories/GHSA-rh63-9qcf-83gf
reference_id GHSA-rh63-9qcf-83gf
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/security/advisories/GHSA-rh63-9qcf-83gf
14
reference_url https://people.redhat.com/~hkario/marvin/
reference_id marvin
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-23T16:15:40Z/
url https://people.redhat.com/~hkario/marvin/
fixed_packages
0
url pkg:npm/jsrsasign@11.0.0
purl pkg:npm/jsrsasign@11.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ax2w-kcpr-rffk
1
vulnerability VCID-b7u7-uwdr-vbgs
2
vulnerability VCID-bgv2-wbuc-wqcj
3
vulnerability VCID-q2dz-12f5-zbgg
4
vulnerability VCID-qayx-46yz-d3b8
5
vulnerability VCID-sm4v-ac3f-6yha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsrsasign@11.0.0
aliases CVE-2024-21484, GHSA-rh63-9qcf-83gf, GMS-2024-46
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r434-j4qg-r3bx
10
url VCID-sm4v-ac3f-6yha
vulnerability_id VCID-sm4v-ac3f-6yha
summary jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4600.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4600.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4600
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01294
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4600
2
reference_url https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7
3
reference_url https://github.com/kjur/jsrsasign
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign
4
reference_url https://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60
5
reference_url https://github.com/kjur/jsrsasign/pull/646
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/pull/646
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4600
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4600
7
reference_url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450208
reference_id 2450208
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2450208
9
reference_url https://github.com/advisories/GHSA-wvqx-v3f6-w8rh
reference_id GHSA-wvqx-v3f6-w8rh
reference_type
scores
url https://github.com/advisories/GHSA-wvqx-v3f6-w8rh
10
reference_url https://access.redhat.com/errata/RHSA-2026:19375
reference_id RHSA-2026:19375
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19375
11
reference_url https://access.redhat.com/errata/RHSA-2026:19409
reference_id RHSA-2026:19409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19409
12
reference_url https://access.redhat.com/errata/RHSA-2026:19410
reference_id RHSA-2026:19410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19410
13
reference_url https://access.redhat.com/errata/RHSA-2026:6568
reference_id RHSA-2026:6568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6568
14
reference_url https://access.redhat.com/errata/RHSA-2026:6720
reference_id RHSA-2026:6720
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6720
15
reference_url https://access.redhat.com/errata/RHSA-2026:6912
reference_id RHSA-2026:6912
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6912
16
reference_url https://access.redhat.com/errata/RHSA-2026:6926
reference_id RHSA-2026:6926
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6926
fixed_packages
0
url pkg:npm/jsrsasign@11.1.1
purl pkg:npm/jsrsasign@11.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsrsasign@11.1.1
aliases CVE-2026-4600, GHSA-wvqx-v3f6-w8rh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sm4v-ac3f-6yha
11
url VCID-tqjx-apth-9qh1
vulnerability_id VCID-tqjx-apth-9qh1
summary
Signatures are mistakenly recognized to be valid in jsrsasign
In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack.
references
0
reference_url https://github.com/kjur/jsrsasign/issues/478
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/issues/478
1
reference_url https://github.com/kjur/jsrsasign/releases/tag/10.1.13
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/releases/tag/10.1.13
2
reference_url https://github.com/kjur/jsrsasign/releases/tag/10.2.0
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/releases/tag/10.2.0
3
reference_url https://kjur.github.io/jsrsasign
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://kjur.github.io/jsrsasign
4
reference_url https://kjur.github.io/jsrsasign/
reference_id
reference_type
scores
url https://kjur.github.io/jsrsasign/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-30246
reference_id CVE-2021-30246
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-30246
6
reference_url https://github.com/advisories/GHSA-h87q-g2wp-47pj
reference_id GHSA-h87q-g2wp-47pj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h87q-g2wp-47pj
fixed_packages
0
url pkg:npm/jsrsasign@10.2.0
purl pkg:npm/jsrsasign@10.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1va4-6h3w-h7an
1
vulnerability VCID-ax2w-kcpr-rffk
2
vulnerability VCID-b7u7-uwdr-vbgs
3
vulnerability VCID-bgv2-wbuc-wqcj
4
vulnerability VCID-q2dz-12f5-zbgg
5
vulnerability VCID-qayx-46yz-d3b8
6
vulnerability VCID-r434-j4qg-r3bx
7
vulnerability VCID-sm4v-ac3f-6yha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsrsasign@10.2.0
aliases GHSA-h87q-g2wp-47pj, GMS-2022-64
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tqjx-apth-9qh1
12
url VCID-xqn4-9ppe-qye1
vulnerability_id VCID-xqn4-9ppe-qye1
summary
ECDSA signature vulnerability of Minerva timing attack in jsrsasign
### Impact
An ECDSA side-channel attack named [Minerva](https://minerva.crocs.fi.muni.cz/) has been found, and it affects jsrsasign.

If the execution time of thousands of signature generations is observed, the EC private key, which is a scalar value, may be recovered, because the time of point and scalar multiplication depends on the bits of the scalar. In jsrsasign 8.0.13 or later, the execution time of EC point and scalar multiplication is almost constant, which fixes the issue.

- Minerva is a timing attack, or side-channel attack, on EC.
- If you don't use the ECDSA class, you are not affected by the vulnerability.
- The vulnerability is that an attacker may guess the private key by checking the processing time of EC key generation or ECDSA signing.
- The cause of the issue is that the point multiplication processing time in ECDSA signing depends on the private key value.
- After 8.0.13, the processing time of point multiplication in ECDSA signing has become constant with respect to the key value, in theory.

### Patches
Users using ECDSA signature generation should upgrade to 8.0.13 or later.

### Workarounds
There are no workarounds in jsrsasign. Update jsrsasign or use another ECDSA library.

### ACKNOWLEDGEMENT
Thanks to Jan Jancar @J08nY, Petr Svenda and Vladimir Sedlacek of Masaryk University in the Czech Republic for finding and reporting this vulnerability.

### References
https://minerva.crocs.fi.muni.cz/
https://www.npmjs.com/advisories/1505
https://github.com/kjur/jsrsasign/issues/411
references
0
reference_url https://github.com/kjur/jsrsasign
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign
1
reference_url https://github.com/kjur/jsrsasign/commit/9dcb89c57408a3d4b5b66aa9138426bd92819e73
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/commit/9dcb89c57408a3d4b5b66aa9138426bd92819e73
2
reference_url https://github.com/kjur/jsrsasign/issues/411
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/issues/411
3
reference_url https://github.com/kjur/jsrsasign/releases/tag/8.0.13
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/releases/tag/8.0.13
4
reference_url https://minerva.crocs.fi.muni.cz
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://minerva.crocs.fi.muni.cz
5
reference_url https://minerva.crocs.fi.muni.cz/
reference_id
reference_type
scores
url https://minerva.crocs.fi.muni.cz/
6
reference_url https://snyk.io/vuln/SNYK-JS-JSRSASIGN-561755
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-JSRSASIGN-561755
7
reference_url https://www.npmjs.com/advisories/1505
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1505
8
reference_url https://github.com/advisories/GHSA-g753-jx37-7xwh
reference_id GHSA-g753-jx37-7xwh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g753-jx37-7xwh
9
reference_url https://github.com/kjur/jsrsasign/security/advisories/GHSA-g753-jx37-7xwh
reference_id GHSA-g753-jx37-7xwh
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/security/advisories/GHSA-g753-jx37-7xwh
fixed_packages
0
url pkg:npm/jsrsasign@8.0.13
purl pkg:npm/jsrsasign@8.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1va4-6h3w-h7an
1
vulnerability VCID-3c19-m13f-vbf1
2
vulnerability VCID-ax2w-kcpr-rffk
3
vulnerability VCID-b7u7-uwdr-vbgs
4
vulnerability VCID-bgv2-wbuc-wqcj
5
vulnerability VCID-ddcm-ym8f-33hf
6
vulnerability VCID-nu2y-1xy7-fff5
7
vulnerability VCID-q2dz-12f5-zbgg
8
vulnerability VCID-qayx-46yz-d3b8
9
vulnerability VCID-r434-j4qg-r3bx
10
vulnerability VCID-sm4v-ac3f-6yha
11
vulnerability VCID-tqjx-apth-9qh1
12
vulnerability VCID-y36k-rayk-dyh8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsrsasign@8.0.13
aliases GHSA-g753-jx37-7xwh, GMS-2020-741
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xqn4-9ppe-qye1
13
url VCID-y36k-rayk-dyh8
vulnerability_id VCID-y36k-rayk-dyh8
summary
Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in the jsrsasign package for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending `\0` bytes to ciphertexts (it decrypts modified ciphertexts without error). An attacker might prepend these bytes with the goal of triggering memory corruption issues.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14967
reference_id
reference_type
scores
0
value 0.00339
scoring_system epss
scoring_elements 0.56974
published_at 2026-06-05T12:55:00Z
1
value 0.00339
scoring_system epss
scoring_elements 0.56923
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14967
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14967
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14967
2
reference_url https://github.com/kjur/jsrsasign
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign
3
reference_url https://github.com/kjur/jsrsasign/issues/439
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/issues/439
4
reference_url https://github.com/kjur/jsrsasign/releases/tag/8.0.17
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/releases/tag/8.0.17
5
reference_url https://github.com/kjur/jsrsasign/releases/tag/8.0.18
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/releases/tag/8.0.18
6
reference_url https://github.com/kjur/jsrsasign/security/advisories/GHSA-xxxq-chmp-67g4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/security/advisories/GHSA-xxxq-chmp-67g4
7
reference_url https://kjur.github.io/jsrsasign
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://kjur.github.io/jsrsasign
8
reference_url https://kjur.github.io/jsrsasign/
reference_id
reference_type
scores
url https://kjur.github.io/jsrsasign/
9
reference_url https://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Cipher.html#.decrypt
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Cipher.html#.decrypt
10
reference_url https://security.netapp.com/advisory/ntap-20200724-0001
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200724-0001
11
reference_url https://security.netapp.com/advisory/ntap-20200724-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200724-0001/
12
reference_url https://vuldb.com/?id.157124
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://vuldb.com/?id.157124
13
reference_url https://www.npmjs.com/package/jsrsasign
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/jsrsasign
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14967
reference_id CVE-2020-14967
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-14967
15
reference_url https://github.com/advisories/GHSA-xxxq-chmp-67g4
reference_id GHSA-xxxq-chmp-67g4
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xxxq-chmp-67g4
fixed_packages
0
url pkg:npm/jsrsasign@8.0.18
purl pkg:npm/jsrsasign@8.0.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1va4-6h3w-h7an
1
vulnerability VCID-3c19-m13f-vbf1
2
vulnerability VCID-ax2w-kcpr-rffk
3
vulnerability VCID-b7u7-uwdr-vbgs
4
vulnerability VCID-bgv2-wbuc-wqcj
5
vulnerability VCID-nu2y-1xy7-fff5
6
vulnerability VCID-q2dz-12f5-zbgg
7
vulnerability VCID-qayx-46yz-d3b8
8
vulnerability VCID-r434-j4qg-r3bx
9
vulnerability VCID-sm4v-ac3f-6yha
10
vulnerability VCID-tqjx-apth-9qh1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsrsasign@8.0.18
aliases CVE-2020-14967, GHSA-xxxq-chmp-67g4
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y36k-rayk-dyh8
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/jsrsasign@8.0.11