VulnerableCode Package Details - pkg:npm/openpgp@4.2.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-1nnb-p2s9-8qef Aliases: CVE-2019-9155 GHSA-77jf-fjjf-xcww	Cryptographic Issues A cryptographic issue in OpenPGP.js allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key.	4.2.1 Affected by 0 other vulnerabilities. 4.3.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1nnb-p2s9-8qef
Aliases:
CVE-2019-9155
GHSA-77jf-fjjf-xcww

Cryptographic Issues A cryptographic issue in OpenPGP.js allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key.

4.2.1
Affected by 0 other vulnerabilities.

4.3.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1k95-3kbq-9ker	Improper Verification of Cryptographic Signature Improper Verification of a Cryptographic Signature in OpenPGP.js allows an attacker to pass off unsigned data as signed.	CVE-2019-9154 GHSA-hfmf-q43v-2ffj
VCID-7ufh-3v6b-v3h9	Improper Verification of Cryptographic Signature Improper Verification of a Cryptographic Signature in OpenPGP.js allows an attacker to forge signed messages by replacing its signatures with a `standalone` or `timestamp` signature.	CVE-2019-9153 GHSA-qwqc-28w3-fww6

Vulnerability

Summary

Aliases

VCID-1k95-3kbq-9ker

Improper Verification of Cryptographic Signature Improper Verification of a Cryptographic Signature in OpenPGP.js allows an attacker to pass off unsigned data as signed.

CVE-2019-9154
GHSA-hfmf-q43v-2ffj

VCID-7ufh-3v6b-v3h9

Improper Verification of Cryptographic Signature Improper Verification of a Cryptographic Signature in OpenPGP.js allows an attacker to forge signed messages by replacing its signatures with a `standalone` or `timestamp` signature.

CVE-2019-9153
GHSA-qwqc-28w3-fww6

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T17:42:21.843014+00:00	GithubOSV Importer	Fixing	VCID-7ufh-3v6b-v3h9	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/08/GHSA-qwqc-28w3-fww6/GHSA-qwqc-28w3-fww6.json	38.6.0
2026-06-04T17:42:20.875250+00:00	GithubOSV Importer	Fixing	VCID-1k95-3kbq-9ker	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/08/GHSA-hfmf-q43v-2ffj/GHSA-hfmf-q43v-2ffj.json	38.6.0
2026-06-04T16:19:33.192727+00:00	GitLab Importer	Fixing	VCID-1k95-3kbq-9ker	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/openpgp/CVE-2019-9154.yml	38.6.0
2026-06-04T16:19:33.173140+00:00	GitLab Importer	Fixing	VCID-7ufh-3v6b-v3h9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/openpgp/CVE-2019-9153.yml	38.6.0
2026-06-04T16:19:33.151665+00:00	GitLab Importer	Affected by	VCID-1nnb-p2s9-8qef	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/openpgp/CVE-2019-9155.yml	38.6.0