Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/openpgp@3.0.7

Type npm

Namespace

Name openpgp

Version 3.0.7

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.2.1

Latest_non_vulnerable_version 6.1.1

Affected_by_vulnerabilities

url VCID-1k95-3kbq-9ker

vulnerability_id VCID-1k95-3kbq-9ker

summary

Improper Verification of Cryptographic Signature
Improper Verification of a Cryptographic Signature in OpenPGP.js allows an attacker to pass off unsigned data as signed.

references

reference_url

http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-9154

reference_id

reference_type

scores

value	0.00389
scoring_system	epss
scoring_elements	0.60313
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-9154

reference_url

https://github.com/openpgpjs/openpgpjs/pull/797

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openpgpjs/openpgpjs/pull/797

reference_url

https://github.com/openpgpjs/openpgpjs/pull/797/commits/47138eed61473e13ee8f05931119d3e10542c5e1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openpgpjs/openpgpjs/pull/797/commits/47138eed61473e13ee8f05931119d3e10542c5e1

reference_url

https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0

reference_url

https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js

reference_url

https://snyk.io/vuln/SNYK-JS-OPENPGP-460247

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-OPENPGP-460247

reference_url

https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1

reference_url

https://www.npmjs.com/advisories/1161

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/advisories/1161

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-9154

reference_id

CVE-2019-9154

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-9154

fixed_packages

url pkg:npm/openpgp@4.2.0

purl pkg:npm/openpgp@4.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1nnb-p2s9-8qef

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/openpgp@4.2.0

aliases CVE-2019-9154, GHSA-hfmf-q43v-2ffj

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1k95-3kbq-9ker

url VCID-1nnb-p2s9-8qef

vulnerability_id VCID-1nnb-p2s9-8qef

summary

Cryptographic Issues
A cryptographic issue in OpenPGP.js allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key.

references

reference_url

http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-9155

reference_id

reference_type

scores

value	0.00309
scoring_system	epss
scoring_elements	0.54367
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-9155

reference_url

https://github.com/openpgpjs/openpgpjs/pull/853

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openpgpjs/openpgpjs/pull/853

reference_url

https://github.com/openpgpjs/openpgpjs/pull/853/commits/7ba4f8c655e7fd7706e8d7334e44b40fdf56c43e

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openpgpjs/openpgpjs/pull/853/commits/7ba4f8c655e7fd7706e8d7334e44b40fdf56c43e

reference_url

https://github.com/openpgpjs/openpgpjs/releases/tag/v4.3.0

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openpgpjs/openpgpjs/releases/tag/v4.3.0

reference_url

https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js

reference_url

https://snyk.io/vuln/SNYK-JS-OPENPGP-460225

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-OPENPGP-460225

reference_url

https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1

reference_url

https://www.npmjs.com/advisories/1159

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/advisories/1159

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-9155

reference_id

CVE-2019-9155

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-9155

fixed_packages

url	pkg:npm/openpgp@4.2.1
purl	pkg:npm/openpgp@4.2.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/openpgp@4.2.1

url	pkg:npm/openpgp@4.3.0
purl	pkg:npm/openpgp@4.3.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/openpgp@4.3.0

aliases CVE-2019-9155, GHSA-77jf-fjjf-xcww

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1nnb-p2s9-8qef

url VCID-7ufh-3v6b-v3h9

vulnerability_id VCID-7ufh-3v6b-v3h9

summary

Improper Verification of Cryptographic Signature
Improper Verification of a Cryptographic Signature in OpenPGP.js allows an attacker to forge signed messages by replacing its signatures with a `standalone` or `timestamp` signature.

references

reference_url

http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-9153

reference_id

reference_type

scores

value	0.00362
scoring_system	epss
scoring_elements	0.58629
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-9153

reference_url

https://github.com/openpgpjs/openpgpjs/pull/797/commits/327d3e5392a6f59a4270569d200c7f7a2bfc4cbc

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openpgpjs/openpgpjs/pull/797/commits/327d3e5392a6f59a4270569d200c7f7a2bfc4cbc

reference_url

https://github.com/openpgpjs/openpgpjs/pull/816

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openpgpjs/openpgpjs/pull/816

reference_url

https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0

reference_url

https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js

reference_url

https://snyk.io/vuln/SNYK-JS-OPENPGP-460248

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-OPENPGP-460248

reference_url

https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1

reference_url

https://www.npmjs.com/advisories/1160

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/advisories/1160

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-9153

reference_id

CVE-2019-9153

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-9153

fixed_packages

url pkg:npm/openpgp@4.2.0

purl pkg:npm/openpgp@4.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1nnb-p2s9-8qef

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/openpgp@4.2.0

aliases CVE-2019-9153, GHSA-qwqc-28w3-fww6

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ufh-3v6b-v3h9

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/openpgp@3.0.7

Package Instance