{"url":"http://public2.vulnerablecode.io/api/packages/264391?format=json","purl":"pkg:npm/node-forge@0.7.6","type":"npm","namespace":"","name":"node-forge","version":"0.7.6","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.4.0","latest_non_vulnerable_version":"1.4.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64127?format=json","vulnerability_id":"VCID-8d9g-bpj3-byaq","summary":"node-forge: node-forge: Denial of Service via infinite loop in BigInteger.modInverse()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33891.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33891.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33891","reference_id":"","reference_type":"","scores":[{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23747","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23859","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23844","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23794","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23741","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33891"},{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/9bb8d67b99d17e4ebb5fd7596cd699e11f25d023","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-30T15:38:00Z/"}],"url":"https://github.com/digitalbazaar/forge/commit/9bb8d67b99d17e4ebb5fd7596cd699e11f25d023"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-30T15:38:00Z/"}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33891","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33891"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452450","reference_id":"2452450","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452450"},{"reference_url":"https://github.com/advisories/GHSA-5m6q-g25r-mvwx","reference_id":"GHSA-5m6q-g25r-mvwx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5m6q-g25r-mvwx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13826","reference_id":"RHSA-2026:13826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9742","reference_id":"RHSA-2026:9742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9742"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112594?format=json","purl":"pkg:npm/node-forge@1.4.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.4.0"}],"aliases":["CVE-2026-33891","GHSA-5m6q-g25r-mvwx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8d9g-bpj3-byaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42011?format=json","vulnerability_id":"VCID-bxwv-7npc-sybq","summary":"URL parsing in node-forge could lead to undesired behavior.\n### Impact\nThe regex used for the `forge.util.parseUrl` API would not properly parse certain inputs resulting in a parsed data structure that could lead to undesired behavior.\n\n### Patches\n`forge.util.parseUrl` and other very old related URL APIs were removed in 1.0.0 in favor of letting applications use the more modern WHATWG URL Standard API.\n\n### Workarounds\nEnsure code does not directly or indirectly call `forge.util.parseUrl` with untrusted input.\n\n### References\n- https://www.huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae/\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [forge](https://github.com/digitalbazaar/forge)\n* Email us at support@digitalbazaar.com","references":[{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://www.huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0122","reference_id":"CVE-2022-0122","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0122"},{"reference_url":"https://github.com/advisories/GHSA-gf8q-jrpm-jvxq","reference_id":"GHSA-gf8q-jrpm-jvxq","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gf8q-jrpm-jvxq"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-gf8q-jrpm-jvxq","reference_id":"GHSA-gf8q-jrpm-jvxq","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-gf8q-jrpm-jvxq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60074?format=json","purl":"pkg:npm/node-forge@1.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8d9g-bpj3-byaq"},{"vulnerability":"VCID-d93n-78t2-2yh9"},{"vulnerability":"VCID-exx8-brpk-jfh3"},{"vulnerability":"VCID-fsbk-qxz8-auc4"},{"vulnerability":"VCID-fwyq-bhrg-ubb1"},{"vulnerability":"VCID-j1xr-n7sf-37cp"},{"vulnerability":"VCID-pks8-n38c-buc1"},{"vulnerability":"VCID-sd42-1283-xudy"},{"vulnerability":"VCID-v6bk-ch7f-r3as"},{"vulnerability":"VCID-vmbx-7g36-7qbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.0.0"}],"aliases":["GHSA-gf8q-jrpm-jvxq","GMS-2022-67"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bxwv-7npc-sybq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49257?format=json","vulnerability_id":"VCID-d93n-78t2-2yh9","summary":"node-forge is vulnerable to ASN.1 OID Integer Truncation\n**MITRE-Formatted CVE Description**\nAn Integer Overflow (CWE-190) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66030.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66030.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66030","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22393","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22498","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22486","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22436","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22385","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66030"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66030","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66030"},{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/3e0c35ace169cfca529a3e547a7848dc7bf57fdb","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T18:24:09Z/"}],"url":"https://github.com/digitalbazaar/forge/commit/3e0c35ace169cfca529a3e547a7848dc7bf57fdb"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2417384","reference_id":"2417384","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2417384"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66030","reference_id":"CVE-2025-66030","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66030"},{"reference_url":"https://github.com/advisories/GHSA-65ch-62r8-g69g","reference_id":"GHSA-65ch-62r8-g69g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-65ch-62r8-g69g"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-65ch-62r8-g69g","reference_id":"GHSA-65ch-62r8-g69g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T18:24:09Z/"}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-65ch-62r8-g69g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/72452?format=json","purl":"pkg:npm/node-forge@1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8d9g-bpj3-byaq"},{"vulnerability":"VCID-fwyq-bhrg-ubb1"},{"vulnerability":"VCID-sd42-1283-xudy"},{"vulnerability":"VCID-v6bk-ch7f-r3as"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.3.2"}],"aliases":["CVE-2025-66030","GHSA-65ch-62r8-g69g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d93n-78t2-2yh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49153?format=json","vulnerability_id":"VCID-exx8-brpk-jfh3","summary":"node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization\nCVE-2025-12816 has been reserved by CERT/CC\n\n**Description**\nAn Interpretation Conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12816.json","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12816.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12816","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21793","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21786","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21902","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21844","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.2189","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12816","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12816"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-25T20:21:37Z/"}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/asn1.js#L1153","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/asn1.js#L1153"},{"reference_url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/ed25519.js#L81","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/ed25519.js#L81"},{"reference_url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/pbe.js#L363","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/pbe.js#L363"},{"reference_url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/pkcs12.js#L328","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/pkcs12.js#L328"},{"reference_url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/pkcs7.js#L90","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/pkcs7.js#L90"},{"reference_url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/rsa.js#L1167","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/rsa.js#L1167"},{"reference_url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/x509.js#L667","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/x509.js#L667"},{"reference_url":"https://github.com/digitalbazaar/forge/pull/1124","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-25T20:21:37Z/"}],"url":"https://github.com/digitalbazaar/forge/pull/1124"},{"reference_url":"https://kb.cert.org/vuls/id/521113","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-25T20:21:37Z/"}],"url":"https://kb.cert.org/vuls/id/521113"},{"reference_url":"https://www.kb.cert.org/vuls/id/521113","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.kb.cert.org/vuls/id/521113"},{"reference_url":"https://www.npmjs.com/package/node-forge","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-25T20:21:37Z/"}],"url":"https://www.npmjs.com/package/node-forge"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2417097","reference_id":"2417097","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2417097"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12816","reference_id":"CVE-2025-12816","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12816"},{"reference_url":"https://github.com/advisories/GHSA-5gfm-wpxj-wjgq","reference_id":"GHSA-5gfm-wpxj-wjgq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5gfm-wpxj-wjgq"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq","reference_id":"GHSA-5gfm-wpxj-wjgq","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-25T20:21:37Z/"}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22936","reference_id":"RHSA-2025:22936","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22936"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22937","reference_id":"RHSA-2025:22937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22938","reference_id":"RHSA-2025:22938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22941","reference_id":"RHSA-2025:22941","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22941"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0261","reference_id":"RHSA-2026:0261","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0261"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0518","reference_id":"RHSA-2026:0518","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0518"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1248","reference_id":"RHSA-2026:1248","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1248"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1517","reference_id":"RHSA-2026:1517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1730","reference_id":"RHSA-2026:1730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1942","reference_id":"RHSA-2026:1942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19712","reference_id":"RHSA-2026:19712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20041","reference_id":"RHSA-2026:20041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2106","reference_id":"RHSA-2026:2106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2256","reference_id":"RHSA-2026:2256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2350","reference_id":"RHSA-2026:2350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2456","reference_id":"RHSA-2026:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2500","reference_id":"RHSA-2026:2500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2568","reference_id":"RHSA-2026:2568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2568"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2695","reference_id":"RHSA-2026:2695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2737","reference_id":"RHSA-2026:2737","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2737"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2754","reference_id":"RHSA-2026:2754","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2754"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2762","reference_id":"RHSA-2026:2762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2762"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2900","reference_id":"RHSA-2026:2900","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2900"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3710","reference_id":"RHSA-2026:3710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3712","reference_id":"RHSA-2026:3712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3713","reference_id":"RHSA-2026:3713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3825","reference_id":"RHSA-2026:3825","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3825"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3869","reference_id":"RHSA-2026:3869","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3869"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3874","reference_id":"RHSA-2026:3874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4185","reference_id":"RHSA-2026:4185","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4185"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4215","reference_id":"RHSA-2026:4215","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4215"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5807","reference_id":"RHSA-2026:5807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5807"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/72452?format=json","purl":"pkg:npm/node-forge@1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8d9g-bpj3-byaq"},{"vulnerability":"VCID-fwyq-bhrg-ubb1"},{"vulnerability":"VCID-sd42-1283-xudy"},{"vulnerability":"VCID-v6bk-ch7f-r3as"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.3.2"}],"aliases":["CVE-2025-12816","GHSA-5gfm-wpxj-wjgq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-exx8-brpk-jfh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42744?format=json","vulnerability_id":"VCID-fsbk-qxz8-auc4","summary":"Improper Verification of Cryptographic Signature\nForge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24771.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24771.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24771","reference_id":"","reference_type":"","scores":[{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3934","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39327","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3929","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39384","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3938","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39355","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24771"},{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:40Z/"}],"url":"https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2067387","reference_id":"2067387","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2067387"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24771","reference_id":"CVE-2022-24771","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24771"},{"reference_url":"https://github.com/advisories/GHSA-cfm4-qjh2-4765","reference_id":"GHSA-cfm4-qjh2-4765","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cfm4-qjh2-4765"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765","reference_id":"GHSA-cfm4-qjh2-4765","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:40Z/"}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1739","reference_id":"RHSA-2022:1739","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1739"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6156","reference_id":"RHSA-2022:6156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6835","reference_id":"RHSA-2022:6835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61038?format=json","purl":"pkg:npm/node-forge@1.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8d9g-bpj3-byaq"},{"vulnerability":"VCID-d93n-78t2-2yh9"},{"vulnerability":"VCID-exx8-brpk-jfh3"},{"vulnerability":"VCID-fwyq-bhrg-ubb1"},{"vulnerability":"VCID-pks8-n38c-buc1"},{"vulnerability":"VCID-sd42-1283-xudy"},{"vulnerability":"VCID-v6bk-ch7f-r3as"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.3.0"}],"aliases":["CVE-2022-24771","GHSA-cfm4-qjh2-4765"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fsbk-qxz8-auc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64123?format=json","vulnerability_id":"VCID-fwyq-bhrg-ubb1","summary":"node-forge: Forge (node-forge): Certificate validation bypass allows unauthorized certificate issuance","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33896.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33896.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33896","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10559","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10635","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10659","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10621","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10536","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33896"},{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-30T18:53:46Z/"}],"url":"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-30T18:53:46Z/"}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33896","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33896"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452458","reference_id":"2452458","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452458"},{"reference_url":"https://github.com/advisories/GHSA-2328-f5f3-gj25","reference_id":"GHSA-2328-f5f3-gj25","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2328-f5f3-gj25"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13826","reference_id":"RHSA-2026:13826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9742","reference_id":"RHSA-2026:9742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9742"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112594?format=json","purl":"pkg:npm/node-forge@1.4.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.4.0"}],"aliases":["CVE-2026-33896","GHSA-2328-f5f3-gj25"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fwyq-bhrg-ubb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42748?format=json","vulnerability_id":"VCID-j1xr-n7sf-37cp","summary":"Improper Verification of Cryptographic Signature\nForge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24772.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24772.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24772","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34366","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.3448","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34464","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34421","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34401","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34444","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24772"},{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2067458","reference_id":"2067458","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2067458"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24772","reference_id":"CVE-2022-24772","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24772"},{"reference_url":"https://github.com/advisories/GHSA-x4jg-mjrx-434g","reference_id":"GHSA-x4jg-mjrx-434g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x4jg-mjrx-434g"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g","reference_id":"GHSA-x4jg-mjrx-434g","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1739","reference_id":"RHSA-2022:1739","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1739"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6156","reference_id":"RHSA-2022:6156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6835","reference_id":"RHSA-2022:6835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61038?format=json","purl":"pkg:npm/node-forge@1.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8d9g-bpj3-byaq"},{"vulnerability":"VCID-d93n-78t2-2yh9"},{"vulnerability":"VCID-exx8-brpk-jfh3"},{"vulnerability":"VCID-fwyq-bhrg-ubb1"},{"vulnerability":"VCID-pks8-n38c-buc1"},{"vulnerability":"VCID-sd42-1283-xudy"},{"vulnerability":"VCID-v6bk-ch7f-r3as"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.3.0"}],"aliases":["CVE-2022-24772","GHSA-x4jg-mjrx-434g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j1xr-n7sf-37cp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49256?format=json","vulnerability_id":"VCID-pks8-n38c-buc1","summary":"node-forge has ASN.1 Unbounded Recursion\nAn Uncontrolled Recursion (CWE-674) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66031.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66031.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66031","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17866","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17963","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.1796","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17924","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17848","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66031"},{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T18:26:11Z/"}],"url":"https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2417397","reference_id":"2417397","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2417397"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66031","reference_id":"CVE-2025-66031","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66031"},{"reference_url":"https://github.com/advisories/GHSA-554w-wpv2-vw27","reference_id":"GHSA-554w-wpv2-vw27","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-554w-wpv2-vw27"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27","reference_id":"GHSA-554w-wpv2-vw27","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T18:26:11Z/"}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22861","reference_id":"RHSA-2025:22861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22936","reference_id":"RHSA-2025:22936","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22936"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22937","reference_id":"RHSA-2025:22937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22938","reference_id":"RHSA-2025:22938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22941","reference_id":"RHSA-2025:22941","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22941"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0261","reference_id":"RHSA-2026:0261","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0261"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0518","reference_id":"RHSA-2026:0518","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0518"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1248","reference_id":"RHSA-2026:1248","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1248"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1517","reference_id":"RHSA-2026:1517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1596","reference_id":"RHSA-2026:1596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1730","reference_id":"RHSA-2026:1730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19712","reference_id":"RHSA-2026:19712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20041","reference_id":"RHSA-2026:20041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2350","reference_id":"RHSA-2026:2350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2456","reference_id":"RHSA-2026:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2568","reference_id":"RHSA-2026:2568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2568"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2737","reference_id":"RHSA-2026:2737","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2737"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2754","reference_id":"RHSA-2026:2754","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2754"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2762","reference_id":"RHSA-2026:2762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2762"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2900","reference_id":"RHSA-2026:2900","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2900"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3710","reference_id":"RHSA-2026:3710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3712","reference_id":"RHSA-2026:3712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3713","reference_id":"RHSA-2026:3713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3874","reference_id":"RHSA-2026:3874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5807","reference_id":"RHSA-2026:5807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5807"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/72452?format=json","purl":"pkg:npm/node-forge@1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8d9g-bpj3-byaq"},{"vulnerability":"VCID-fwyq-bhrg-ubb1"},{"vulnerability":"VCID-sd42-1283-xudy"},{"vulnerability":"VCID-v6bk-ch7f-r3as"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.3.2"}],"aliases":["CVE-2025-66031","GHSA-554w-wpv2-vw27"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pks8-n38c-buc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41968?format=json","vulnerability_id":"VCID-ps6c-wek9-k7c5","summary":"URL Redirection to Untrusted Site ('Open Redirect')\nforge is vulnerable to URL Redirection to Untrusted Site","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0122","reference_id":"","reference_type":"","scores":[{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54926","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54919","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54898","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54859","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54917","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0122"},{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e"},{"reference_url":"https://huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0122","reference_id":"CVE-2022-0122","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0122"},{"reference_url":"https://github.com/advisories/GHSA-8fr3-hfg3-gpgp","reference_id":"GHSA-8fr3-hfg3-gpgp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8fr3-hfg3-gpgp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60074?format=json","purl":"pkg:npm/node-forge@1.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8d9g-bpj3-byaq"},{"vulnerability":"VCID-d93n-78t2-2yh9"},{"vulnerability":"VCID-exx8-brpk-jfh3"},{"vulnerability":"VCID-fsbk-qxz8-auc4"},{"vulnerability":"VCID-fwyq-bhrg-ubb1"},{"vulnerability":"VCID-j1xr-n7sf-37cp"},{"vulnerability":"VCID-pks8-n38c-buc1"},{"vulnerability":"VCID-sd42-1283-xudy"},{"vulnerability":"VCID-v6bk-ch7f-r3as"},{"vulnerability":"VCID-vmbx-7g36-7qbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.0.0"}],"aliases":["CVE-2022-0122","GHSA-8fr3-hfg3-gpgp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ps6c-wek9-k7c5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42002?format=json","vulnerability_id":"VCID-q55u-tkwp-t7ek","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7720.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7720.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7720","reference_id":"","reference_type":"","scores":[{"value":"0.02085","scoring_system":"epss","scoring_elements":"0.84335","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02085","scoring_system":"epss","scoring_elements":"0.84322","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02085","scoring_system":"epss","scoring_elements":"0.84334","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02085","scoring_system":"epss","scoring_elements":"0.84341","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02085","scoring_system":"epss","scoring_elements":"0.84337","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02085","scoring_system":"epss","scoring_elements":"0.84314","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7720"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7720","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7720"},{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md"},{"reference_url":"https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md#removed","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md#removed"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/6a1e3ef74f6eb345bcff1b82184201d1e28b6756","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/commit/6a1e3ef74f6eb345bcff1b82184201d1e28b6756"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1874606","reference_id":"1874606","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1874606"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969669","reference_id":"969669","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969669"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7720","reference_id":"CVE-2020-7720","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7720"},{"reference_url":"https://github.com/advisories/GHSA-92xj-mqp7-vmcj","reference_id":"GHSA-92xj-mqp7-vmcj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-92xj-mqp7-vmcj"},{"reference_url":"https://github.com/advisories/GHSA-wxgw-qj99-44c2","reference_id":"GHSA-wxgw-qj99-44c2","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wxgw-qj99-44c2"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-wxgw-qj99-44c2","reference_id":"GHSA-wxgw-qj99-44c2","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-wxgw-qj99-44c2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5249","reference_id":"RHSA-2020:5249","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5249"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5605","reference_id":"RHSA-2020:5605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5605"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77966?format=json","purl":"pkg:npm/node-forge@0.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8d9g-bpj3-byaq"},{"vulnerability":"VCID-bxwv-7npc-sybq"},{"vulnerability":"VCID-d93n-78t2-2yh9"},{"vulnerability":"VCID-exx8-brpk-jfh3"},{"vulnerability":"VCID-fsbk-qxz8-auc4"},{"vulnerability":"VCID-fwyq-bhrg-ubb1"},{"vulnerability":"VCID-j1xr-n7sf-37cp"},{"vulnerability":"VCID-pks8-n38c-buc1"},{"vulnerability":"VCID-ps6c-wek9-k7c5"},{"vulnerability":"VCID-sd42-1283-xudy"},{"vulnerability":"VCID-v6bk-ch7f-r3as"},{"vulnerability":"VCID-vmbx-7g36-7qbg"},{"vulnerability":"VCID-y43a-m32r-sfbb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@0.10.0"}],"aliases":["CVE-2020-7720","GHSA-92xj-mqp7-vmcj","GHSA-wxgw-qj99-44c2","GMS-2022-68"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q55u-tkwp-t7ek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64125?format=json","vulnerability_id":"VCID-sd42-1283-xudy","summary":"node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33894.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33894.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33894","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11737","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11846","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.1184","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11806","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11724","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33894"},{"reference_url":"https://datatracker.ietf.org/doc/html/rfc2313#section-8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:04:30Z/"}],"url":"https://datatracker.ietf.org/doc/html/rfc2313#section-8"},{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:04:30Z/"}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp"},{"reference_url":"https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:04:30Z/"}],"url":"https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33894","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33894"},{"reference_url":"https://www.rfc-editor.org/rfc/rfc8017.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:04:30Z/"}],"url":"https://www.rfc-editor.org/rfc/rfc8017.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452464","reference_id":"2452464","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452464"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765","reference_id":"GHSA-cfm4-qjh2-4765","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765"},{"reference_url":"https://github.com/advisories/GHSA-ppp5-5v6c-4jwp","reference_id":"GHSA-ppp5-5v6c-4jwp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ppp5-5v6c-4jwp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13826","reference_id":"RHSA-2026:13826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19375","reference_id":"RHSA-2026:19375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21017","reference_id":"RHSA-2026:21017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22465","reference_id":"RHSA-2026:22465","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22629","reference_id":"RHSA-2026:22629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22840","reference_id":"RHSA-2026:22840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:23361","reference_id":"RHSA-2026:23361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:23361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9742","reference_id":"RHSA-2026:9742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9742"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112594?format=json","purl":"pkg:npm/node-forge@1.4.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.4.0"}],"aliases":["CVE-2026-33894","GHSA-ppp5-5v6c-4jwp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sd42-1283-xudy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64124?format=json","vulnerability_id":"VCID-v6bk-ch7f-r3as","summary":"node-forge: Forge: Authentication bypass via forged Ed25519 cryptographic signatures","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33895.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33895.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33895","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13255","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1334","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13345","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13302","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13223","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33895"},{"reference_url":"https://datatracker.ietf.org/doc/html/rfc8032#section-8.4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:39:49Z/"}],"url":"https://datatracker.ietf.org/doc/html/rfc8032#section-8.4"},{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:39:49Z/"}],"url":"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:39:49Z/"}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35961","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35961"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25793","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25793"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33895","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33895"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452457","reference_id":"2452457","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452457"},{"reference_url":"https://github.com/advisories/GHSA-q67f-28xg-22rw","reference_id":"GHSA-q67f-28xg-22rw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q67f-28xg-22rw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13826","reference_id":"RHSA-2026:13826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9742","reference_id":"RHSA-2026:9742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9742"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112594?format=json","purl":"pkg:npm/node-forge@1.4.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.4.0"}],"aliases":["CVE-2026-33895","GHSA-q67f-28xg-22rw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v6bk-ch7f-r3as"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42745?format=json","vulnerability_id":"VCID-vmbx-7g36-7qbg","summary":"Improper Verification of Cryptographic Signature\nForge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not properly check `DigestInfo` for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24773.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24773.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24773","reference_id":"","reference_type":"","scores":[{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32358","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32336","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32365","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32404","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32435","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32364","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24773"},{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2067461","reference_id":"2067461","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2067461"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24773","reference_id":"CVE-2022-24773","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24773"},{"reference_url":"https://github.com/advisories/GHSA-2r2c-g63r-vccr","reference_id":"GHSA-2r2c-g63r-vccr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2r2c-g63r-vccr"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr","reference_id":"GHSA-2r2c-g63r-vccr","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1739","reference_id":"RHSA-2022:1739","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1739"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6156","reference_id":"RHSA-2022:6156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6835","reference_id":"RHSA-2022:6835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61038?format=json","purl":"pkg:npm/node-forge@1.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8d9g-bpj3-byaq"},{"vulnerability":"VCID-d93n-78t2-2yh9"},{"vulnerability":"VCID-exx8-brpk-jfh3"},{"vulnerability":"VCID-fwyq-bhrg-ubb1"},{"vulnerability":"VCID-pks8-n38c-buc1"},{"vulnerability":"VCID-sd42-1283-xudy"},{"vulnerability":"VCID-v6bk-ch7f-r3as"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.3.0"}],"aliases":["CVE-2022-24773","GHSA-2r2c-g63r-vccr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vmbx-7g36-7qbg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42008?format=json","vulnerability_id":"VCID-y43a-m32r-sfbb","summary":"Prototype Pollution in node-forge debug API.\n### Impact\nThe `forge.debug` API had a potential prototype pollution issue if called with untrusted input. The API was only used for internal debug purposes in a safe way and never documented or advertised.  It is suspected that uses of this API, if any exist, would likely not have used untrusted inputs in a vulnerable way.\n\n### Patches\nThe `forge.debug` API and related functions were removed in 1.0.0.\n\n### Workarounds\nDon't use the `forge.debug` API directly or indirectly with untrusted input.\n\n### References\n- https://www.huntr.dev/bounties/1-npm-node-forge/\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [forge](https://github.com/digitalbazaar/forge).\n* Email us at support@digitalbazaar.com.","references":[{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/advisories/GHSA-5rrq-pxf6-6jx5","reference_id":"GHSA-5rrq-pxf6-6jx5","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5rrq-pxf6-6jx5"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5rrq-pxf6-6jx5","reference_id":"GHSA-5rrq-pxf6-6jx5","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5rrq-pxf6-6jx5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60074?format=json","purl":"pkg:npm/node-forge@1.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8d9g-bpj3-byaq"},{"vulnerability":"VCID-d93n-78t2-2yh9"},{"vulnerability":"VCID-exx8-brpk-jfh3"},{"vulnerability":"VCID-fsbk-qxz8-auc4"},{"vulnerability":"VCID-fwyq-bhrg-ubb1"},{"vulnerability":"VCID-j1xr-n7sf-37cp"},{"vulnerability":"VCID-pks8-n38c-buc1"},{"vulnerability":"VCID-sd42-1283-xudy"},{"vulnerability":"VCID-v6bk-ch7f-r3as"},{"vulnerability":"VCID-vmbx-7g36-7qbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.0.0"}],"aliases":["GHSA-5rrq-pxf6-6jx5","GMS-2022-66"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y43a-m32r-sfbb"}],"fixing_vulnerabilities":[],"risk_score":"4.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@0.7.6"}