Search for packages
| purl | pkg:npm/node-forge@0.10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4ax1-dngv-dfed
Aliases: GHSA-5rrq-pxf6-6jx5 GMS-2022-66 |
Prototype Pollution in node-forge debug API. |
Affected by 10 other vulnerabilities. |
|
VCID-64cy-gjgm-d3b1
Aliases: CVE-2025-12816 GHSA-5gfm-wpxj-wjgq |
Affected by 4 other vulnerabilities. |
|
|
VCID-6vg2-h2n1-1ubp
Aliases: CVE-2026-33895 GHSA-q67f-28xg-22rw |
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (`S >= L`). A valid signature and its `S + L` variant both verify in forge, while Node.js `crypto.verify` (OpenSSL-backed) rejects the `S + L` variant, as defined by the specification. This class of signature malleability has been exploited in practice to bypass authentication and authorization logic (see CVE-2026-25793, CVE-2022-35961). Applications relying on signature uniqueness (i.e., dedup by signature bytes, replay tracking, signed-object canonicalization checks) may be bypassed. Version 1.4.0 patches the issue. |
Affected by 0 other vulnerabilities. |
|
VCID-918k-jaua-efcg
Aliases: CVE-2022-24771 GHSA-cfm4-qjh2-4765 |
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds. |
Affected by 7 other vulnerabilities. |
|
VCID-9jed-5rk2-fuha
Aliases: CVE-2022-0122 GHSA-8fr3-hfg3-gpgp |
Open Redirect in node-forge |
Affected by 10 other vulnerabilities. |
|
VCID-euc2-gvgf-wuc6
Aliases: GHSA-gf8q-jrpm-jvxq GMS-2022-67 |
URL parsing in node-forge could lead to undesired behavior. |
Affected by 10 other vulnerabilities. |
|
VCID-jeym-9d7x-dqgp
Aliases: CVE-2025-66030 GHSA-65ch-62r8-g69g |
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2. |
Affected by 4 other vulnerabilities. |
|
VCID-jzq5-zkxm-kka3
Aliases: CVE-2026-33896 GHSA-2328-f5f3-gj25 |
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, `pki.verifyCertificateChain()` does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the `basicConstraints` and `keyUsage` extensions. This allows any leaf certificate (without these extensions) to act as a CA and sign other certificates, which node-forge will accept as valid. Version 1.4.0 patches the issue. |
Affected by 0 other vulnerabilities. |
|
VCID-pc81-tj49-j3fs
Aliases: CVE-2026-33894 GHSA-ppp5-5v6c-4jwp |
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing “garbage” bytes within the ASN structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an addition field within the ASN structure, rather than outside of it. Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries. Version 1.4.0 patches the issue. |
Affected by 0 other vulnerabilities. |
|
VCID-rass-mdkt-27e6
Aliases: CVE-2022-24773 GHSA-2r2c-g63r-vccr |
Improper Verification of Cryptographic Signature in `node-forge` |
Affected by 7 other vulnerabilities. |
|
VCID-rmdy-g122-rkba
Aliases: CVE-2025-66031 GHSA-554w-wpv2-vw27 |
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2. |
Affected by 4 other vulnerabilities. |
|
VCID-ytae-c7vj-f7ga
Aliases: CVE-2022-24772 GHSA-x4jg-mjrx-434g |
Improper Verification of Cryptographic Signature in node-forge |
Affected by 7 other vulnerabilities. |
|
VCID-z7tw-mtdc-wfd3
Aliases: CVE-2026-33891 GHSA-5m6q-g25r-mvwx |
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU. Version 1.4.0 patches the issue. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-vycv-4cyf-bubz | Prototype Pollution in node-forge util.setPath API |
GHSA-wxgw-qj99-44c2
|
| VCID-xhjk-8ujw-6bc8 | Prototype Pollution in node-forge |
CVE-2020-7720
GHSA-92xj-mqp7-vmcj |