VulnerableCode Package Details - pkg:npm/sm-crypto@0.3.14

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/sm-crypto@0.3.14

Essentials
History (2)

purl	pkg:npm/sm-crypto@0.3.14

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-1bk8-d5bu-1uh9	sm-crypto Affected by Signature Malleability in SM2-DSA A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library. An attacker can derive a new valid signature for a previously signed message from an existing signature.	CVE-2026-23967 GHSA-qv7w-v773-3xqm
VCID-ycz9-vn64-b7fj	sm-crypto Affected by Private Key Recovery in SM2-PKE A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto. By interacting with the SM2 decryption interface multiple times, an attacker can fully recover the private key within approximately several hundred interactions.	CVE-2026-23966 GHSA-pgx9-497m-6c4v

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:49:38.200489+00:00	GitLab Importer	Fixing	VCID-ycz9-vn64-b7fj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sm-crypto/CVE-2026-23966.yml	38.6.0
2026-06-02T04:49:37.552842+00:00	GitLab Importer	Fixing	VCID-1bk8-d5bu-1uh9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sm-crypto/CVE-2026-23967.yml	38.6.0