VulnerableCode Package Details - pkg:npm/jsrsasign@10.8.6

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/jsrsasign@10.8.6

Essentials
History (7)

purl	pkg:npm/jsrsasign@10.8.6

Next non-vulnerable version	11.1.1
Latest non-vulnerable version	11.1.1
Risk	4.5

Vulnerabilities affecting this package (7)

Vulnerability	Summary	Fixed by
VCID-ax2w-kcpr-rffk Aliases: CVE-2026-4599 GHSA-5jx8-q4cp-rhh6	jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces	11.1.1 Affected by 0 other vulnerabilities.
VCID-b7u7-uwdr-vbgs Aliases: CVE-2026-4601 GHSA-w8q8-93cx-6h7r	jsrsasign: jsrsasign: Private Key Recovery via Missing Cryptographic Step in DSA Signing	11.1.1 Affected by 0 other vulnerabilities.
VCID-bgv2-wbuc-wqcj Aliases: CVE-2026-4603 GHSA-464q-cqxq-xhgr	jsrsasign: jsrsasign: Cryptographic operations impacted by division by zero via malicious JSON Web Key	11.1.1 Affected by 0 other vulnerabilities.
VCID-q2dz-12f5-zbgg Aliases: CVE-2026-4602 GHSA-8qwj-4jxw-m8jw	jsrsasign: jsrsasign: Signature verification bypass via negative exponent handling	11.1.1 Affected by 0 other vulnerabilities.
VCID-qayx-46yz-d3b8 Aliases: CVE-2026-4598 GHSA-8g7p-jf3g-gxcp	jsrsasign: jsrsasign: Denial of Service via infinite loop in bnModInverse function with crafted inputs	11.1.1 Affected by 0 other vulnerabilities.
VCID-r434-j4qg-r3bx Aliases: CVE-2024-21484 GHSA-rh63-9qcf-83gf GMS-2024-46	Marvin Attack of RSA and RSAOAEP decryption in jsrsasign ### Impact RSA PKCS#1.5 or RSAOAEP ciphertexts may be decrypted by this Marvin attack vulnerability. ### Patches update to jsrsasign 11.0.0. ### Workarounds Find and replace RSA and RSAOAEP decryption with other crypto library. ### References https://people.redhat.com/~hkario/marvin/ https://github.com/kjur/jsrsasign/issues/598	11.0.0 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-sm4v-ac3f-6yha Aliases: CVE-2026-4600 GHSA-wvqx-v3f6-w8rh	jsrsasign: jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters	11.1.1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T07:33:41.379332+00:00	GitLab Importer	Affected by	VCID-q2dz-12f5-zbgg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/jsrsasign/CVE-2026-4602.yml	38.6.0
2026-06-06T07:33:22.621972+00:00	GitLab Importer	Affected by	VCID-qayx-46yz-d3b8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/jsrsasign/CVE-2026-4598.yml	38.6.0
2026-06-06T07:33:18.301653+00:00	GitLab Importer	Affected by	VCID-bgv2-wbuc-wqcj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/jsrsasign/CVE-2026-4603.yml	38.6.0
2026-06-06T07:33:17.334060+00:00	GitLab Importer	Affected by	VCID-b7u7-uwdr-vbgs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/jsrsasign/CVE-2026-4601.yml	38.6.0
2026-06-06T07:33:09.804652+00:00	GitLab Importer	Affected by	VCID-sm4v-ac3f-6yha	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/jsrsasign/CVE-2026-4600.yml	38.6.0
2026-06-06T07:33:03.795845+00:00	GitLab Importer	Affected by	VCID-ax2w-kcpr-rffk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/jsrsasign/CVE-2026-4599.yml	38.6.0
2026-06-06T04:31:31.871173+00:00	GitLab Importer	Affected by	VCID-r434-j4qg-r3bx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/jsrsasign/GMS-2024-46.yml	38.6.0