Search for packages
| purl | pkg:npm/openpgp@2.3.8 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1k95-3kbq-9ker
Aliases: CVE-2019-9154 GHSA-hfmf-q43v-2ffj |
Improper Verification of Cryptographic Signature Improper Verification of a Cryptographic Signature in OpenPGP.js allows an attacker to pass off unsigned data as signed. |
Affected by 1 other vulnerability. |
|
VCID-1nnb-p2s9-8qef
Aliases: CVE-2019-9155 GHSA-77jf-fjjf-xcww |
Cryptographic Issues A cryptographic issue in OpenPGP.js allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-7ufh-3v6b-v3h9
Aliases: CVE-2019-9153 GHSA-qwqc-28w3-fww6 |
Improper Verification of Cryptographic Signature Improper Verification of a Cryptographic Signature in OpenPGP.js allows an attacker to forge signed messages by replacing its signatures with a `standalone` or `timestamp` signature. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T20:24:14.698391+00:00 | GitLab Importer | Affected by | VCID-1k95-3kbq-9ker | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/openpgp/CVE-2019-9154.yml | 38.6.0 |
| 2026-06-04T20:24:14.428304+00:00 | GitLab Importer | Affected by | VCID-7ufh-3v6b-v3h9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/openpgp/CVE-2019-9153.yml | 38.6.0 |
| 2026-06-04T20:24:14.125345+00:00 | GitLab Importer | Affected by | VCID-1nnb-p2s9-8qef | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/openpgp/CVE-2019-9155.yml | 38.6.0 |