{"url":"http://public2.vulnerablecode.io/api/packages/437923?format=json","purl":"pkg:npm/node-forge@0.2.12","type":"npm","namespace":"","name":"node-forge","version":"0.2.12","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.4.0","latest_non_vulnerable_version":"1.4.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21666?format=json","vulnerability_id":"VCID-4nyb-qw4e-rba7","summary":"node-forge has ASN.1 Unbounded Recursion\nAn Uncontrolled Recursion (CWE-674) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66031.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66031.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66031","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17898","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66031"},{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T18:26:11Z/"}],"url":"https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2417397","reference_id":"2417397","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2417397"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66031","reference_id":"CVE-2025-66031","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66031"},{"reference_url":"https://github.com/advisories/GHSA-554w-wpv2-vw27","reference_id":"GHSA-554w-wpv2-vw27","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-554w-wpv2-vw27"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27","reference_id":"GHSA-554w-wpv2-vw27","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T18:26:11Z/"}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22861","reference_id":"RHSA-2025:22861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22936","reference_id":"RHSA-2025:22936","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22936"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22937","reference_id":"RHSA-2025:22937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22938","reference_id":"RHSA-2025:22938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22941","reference_id":"RHSA-2025:22941","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22941"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0261","reference_id":"RHSA-2026:0261","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0261"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0518","reference_id":"RHSA-2026:0518","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0518"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1248","reference_id":"RHSA-2026:1248","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1248"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1517","reference_id":"RHSA-2026:1517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1596","reference_id":"RHSA-2026:1596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1730","reference_id":"RHSA-2026:1730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19712","reference_id":"RHSA-2026:19712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20041","reference_id":"RHSA-2026:20041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2350","reference_id":"RHSA-2026:2350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2456","reference_id":"RHSA-2026:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2568","reference_id":"RHSA-2026:2568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2568"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2737","reference_id":"RHSA-2026:2737","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2737"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2754","reference_id":"RHSA-2026:2754","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2754"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2762","reference_id":"RHSA-2026:2762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2762"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2900","reference_id":"RHSA-2026:2900","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2900"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3710","reference_id":"RHSA-2026:3710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3712","reference_id":"RHSA-2026:3712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3713","reference_id":"RHSA-2026:3713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3874","reference_id":"RHSA-2026:3874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5807","reference_id":"RHSA-2026:5807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5807"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71246?format=json","purl":"pkg:npm/node-forge@1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-78jp-a3yj-dfdf"},{"vulnerability":"VCID-r1pq-dpfp-hybw"},{"vulnerability":"VCID-u12d-cefq-9bbp"},{"vulnerability":"VCID-w3v3-d3vx-4uhw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.3.2"}],"aliases":["CVE-2025-66031","GHSA-554w-wpv2-vw27"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4nyb-qw4e-rba7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15350?format=json","vulnerability_id":"VCID-6rq7-xkhj-87ag","summary":"Improper Verification of Cryptographic Signature\nForge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24771.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24771.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24771","reference_id":"","reference_type":"","scores":[{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39304","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24771"},{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:40Z/"}],"url":"https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2067387","reference_id":"2067387","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2067387"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24771","reference_id":"CVE-2022-24771","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24771"},{"reference_url":"https://github.com/advisories/GHSA-cfm4-qjh2-4765","reference_id":"GHSA-cfm4-qjh2-4765","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cfm4-qjh2-4765"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765","reference_id":"GHSA-cfm4-qjh2-4765","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:40Z/"}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1739","reference_id":"RHSA-2022:1739","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1739"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6156","reference_id":"RHSA-2022:6156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6835","reference_id":"RHSA-2022:6835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60007?format=json","purl":"pkg:npm/node-forge@1.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nyb-qw4e-rba7"},{"vulnerability":"VCID-78jp-a3yj-dfdf"},{"vulnerability":"VCID-r1pq-dpfp-hybw"},{"vulnerability":"VCID-snxz-wbnc-dqbv"},{"vulnerability":"VCID-u12d-cefq-9bbp"},{"vulnerability":"VCID-w3v3-d3vx-4uhw"},{"vulnerability":"VCID-wkq2-vdkh-y3bd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.3.0"}],"aliases":["CVE-2022-24771","GHSA-cfm4-qjh2-4765"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6rq7-xkhj-87ag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/329184?format=json","vulnerability_id":"VCID-78jp-a3yj-dfdf","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33891.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33891.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33891","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23078","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33891"},{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/9bb8d67b99d17e4ebb5fd7596cd699e11f25d023","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-30T15:38:00Z/"}],"url":"https://github.com/digitalbazaar/forge/commit/9bb8d67b99d17e4ebb5fd7596cd699e11f25d023"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-30T15:38:00Z/"}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33891","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33891"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452450","reference_id":"2452450","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452450"},{"reference_url":"https://github.com/advisories/GHSA-5m6q-g25r-mvwx","reference_id":"GHSA-5m6q-g25r-mvwx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5m6q-g25r-mvwx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13826","reference_id":"RHSA-2026:13826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9742","reference_id":"RHSA-2026:9742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9742"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/189598?format=json","purl":"pkg:npm/node-forge@1.4.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.4.0"}],"aliases":["CVE-2026-33891","GHSA-5m6q-g25r-mvwx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-78jp-a3yj-dfdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15354?format=json","vulnerability_id":"VCID-7bue-77db-nkf9","summary":"Improper Verification of Cryptographic Signature\nForge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24772.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24772.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24772","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34405","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24772"},{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2067458","reference_id":"2067458","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2067458"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24772","reference_id":"CVE-2022-24772","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24772"},{"reference_url":"https://github.com/advisories/GHSA-x4jg-mjrx-434g","reference_id":"GHSA-x4jg-mjrx-434g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x4jg-mjrx-434g"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g","reference_id":"GHSA-x4jg-mjrx-434g","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1739","reference_id":"RHSA-2022:1739","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1739"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6156","reference_id":"RHSA-2022:6156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6835","reference_id":"RHSA-2022:6835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60007?format=json","purl":"pkg:npm/node-forge@1.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nyb-qw4e-rba7"},{"vulnerability":"VCID-78jp-a3yj-dfdf"},{"vulnerability":"VCID-r1pq-dpfp-hybw"},{"vulnerability":"VCID-snxz-wbnc-dqbv"},{"vulnerability":"VCID-u12d-cefq-9bbp"},{"vulnerability":"VCID-w3v3-d3vx-4uhw"},{"vulnerability":"VCID-wkq2-vdkh-y3bd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.3.0"}],"aliases":["CVE-2022-24772","GHSA-x4jg-mjrx-434g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7bue-77db-nkf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14580?format=json","vulnerability_id":"VCID-brez-48e1-93ca","summary":"URL Redirection to Untrusted Site ('Open Redirect')\nforge is vulnerable to URL Redirection to Untrusted Site","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0122","reference_id":"","reference_type":"","scores":[{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.5483","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0122"},{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e"},{"reference_url":"https://huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0122","reference_id":"CVE-2022-0122","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0122"},{"reference_url":"https://github.com/advisories/GHSA-8fr3-hfg3-gpgp","reference_id":"GHSA-8fr3-hfg3-gpgp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8fr3-hfg3-gpgp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59053?format=json","purl":"pkg:npm/node-forge@1.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nyb-qw4e-rba7"},{"vulnerability":"VCID-6rq7-xkhj-87ag"},{"vulnerability":"VCID-78jp-a3yj-dfdf"},{"vulnerability":"VCID-7bue-77db-nkf9"},{"vulnerability":"VCID-pfhn-ftud-x7hq"},{"vulnerability":"VCID-r1pq-dpfp-hybw"},{"vulnerability":"VCID-snxz-wbnc-dqbv"},{"vulnerability":"VCID-u12d-cefq-9bbp"},{"vulnerability":"VCID-w3v3-d3vx-4uhw"},{"vulnerability":"VCID-wkq2-vdkh-y3bd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.0.0"}],"aliases":["CVE-2022-0122","GHSA-8fr3-hfg3-gpgp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-brez-48e1-93ca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14622?format=json","vulnerability_id":"VCID-ep5p-d99x-jkcy","summary":"URL parsing in node-forge could lead to undesired behavior.\n### Impact\nThe regex used for the `forge.util.parseUrl` API would not properly parse certain inputs resulting in a parsed data structure that could lead to undesired behavior.\n\n### Patches\n`forge.util.parseUrl` and other very old related URL APIs were removed in 1.0.0 in favor of letting applications use the more modern WHATWG URL Standard API.\n\n### Workarounds\nEnsure code does not directly or indirectly call `forge.util.parseUrl` with untrusted input.\n\n### References\n- https://www.huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae/\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [forge](https://github.com/digitalbazaar/forge)\n* Email us at support@digitalbazaar.com","references":[{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://www.huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0122","reference_id":"CVE-2022-0122","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0122"},{"reference_url":"https://github.com/advisories/GHSA-gf8q-jrpm-jvxq","reference_id":"GHSA-gf8q-jrpm-jvxq","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gf8q-jrpm-jvxq"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-gf8q-jrpm-jvxq","reference_id":"GHSA-gf8q-jrpm-jvxq","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-gf8q-jrpm-jvxq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59053?format=json","purl":"pkg:npm/node-forge@1.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nyb-qw4e-rba7"},{"vulnerability":"VCID-6rq7-xkhj-87ag"},{"vulnerability":"VCID-78jp-a3yj-dfdf"},{"vulnerability":"VCID-7bue-77db-nkf9"},{"vulnerability":"VCID-pfhn-ftud-x7hq"},{"vulnerability":"VCID-r1pq-dpfp-hybw"},{"vulnerability":"VCID-snxz-wbnc-dqbv"},{"vulnerability":"VCID-u12d-cefq-9bbp"},{"vulnerability":"VCID-w3v3-d3vx-4uhw"},{"vulnerability":"VCID-wkq2-vdkh-y3bd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.0.0"}],"aliases":["GHSA-gf8q-jrpm-jvxq","GMS-2022-67"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ep5p-d99x-jkcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14619?format=json","vulnerability_id":"VCID-hd86-jyf4-1qeu","summary":"Prototype Pollution in node-forge debug API.\n### Impact\nThe `forge.debug` API had a potential prototype pollution issue if called with untrusted input. The API was only used for internal debug purposes in a safe way and never documented or advertised.  It is suspected that uses of this API, if any exist, would likely not have used untrusted inputs in a vulnerable way.\n\n### Patches\nThe `forge.debug` API and related functions were removed in 1.0.0.\n\n### Workarounds\nDon't use the `forge.debug` API directly or indirectly with untrusted input.\n\n### References\n- https://www.huntr.dev/bounties/1-npm-node-forge/\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [forge](https://github.com/digitalbazaar/forge).\n* Email us at support@digitalbazaar.com.","references":[{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/advisories/GHSA-5rrq-pxf6-6jx5","reference_id":"GHSA-5rrq-pxf6-6jx5","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5rrq-pxf6-6jx5"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5rrq-pxf6-6jx5","reference_id":"GHSA-5rrq-pxf6-6jx5","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5rrq-pxf6-6jx5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59053?format=json","purl":"pkg:npm/node-forge@1.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nyb-qw4e-rba7"},{"vulnerability":"VCID-6rq7-xkhj-87ag"},{"vulnerability":"VCID-78jp-a3yj-dfdf"},{"vulnerability":"VCID-7bue-77db-nkf9"},{"vulnerability":"VCID-pfhn-ftud-x7hq"},{"vulnerability":"VCID-r1pq-dpfp-hybw"},{"vulnerability":"VCID-snxz-wbnc-dqbv"},{"vulnerability":"VCID-u12d-cefq-9bbp"},{"vulnerability":"VCID-w3v3-d3vx-4uhw"},{"vulnerability":"VCID-wkq2-vdkh-y3bd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.0.0"}],"aliases":["GHSA-5rrq-pxf6-6jx5","GMS-2022-66"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hd86-jyf4-1qeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15351?format=json","vulnerability_id":"VCID-pfhn-ftud-x7hq","summary":"Improper Verification of Cryptographic Signature\nForge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not properly check `DigestInfo` for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24773.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24773.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24773","reference_id":"","reference_type":"","scores":[{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32492","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24773"},{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2067461","reference_id":"2067461","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2067461"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24773","reference_id":"CVE-2022-24773","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24773"},{"reference_url":"https://github.com/advisories/GHSA-2r2c-g63r-vccr","reference_id":"GHSA-2r2c-g63r-vccr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2r2c-g63r-vccr"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr","reference_id":"GHSA-2r2c-g63r-vccr","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1739","reference_id":"RHSA-2022:1739","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1739"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6156","reference_id":"RHSA-2022:6156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6835","reference_id":"RHSA-2022:6835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60007?format=json","purl":"pkg:npm/node-forge@1.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nyb-qw4e-rba7"},{"vulnerability":"VCID-78jp-a3yj-dfdf"},{"vulnerability":"VCID-r1pq-dpfp-hybw"},{"vulnerability":"VCID-snxz-wbnc-dqbv"},{"vulnerability":"VCID-u12d-cefq-9bbp"},{"vulnerability":"VCID-w3v3-d3vx-4uhw"},{"vulnerability":"VCID-wkq2-vdkh-y3bd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.3.0"}],"aliases":["CVE-2022-24773","GHSA-2r2c-g63r-vccr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pfhn-ftud-x7hq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/329187?format=json","vulnerability_id":"VCID-r1pq-dpfp-hybw","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33894.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33894.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33894","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14085","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33894"},{"reference_url":"https://datatracker.ietf.org/doc/html/rfc2313#section-8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:04:30Z/"}],"url":"https://datatracker.ietf.org/doc/html/rfc2313#section-8"},{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:04:30Z/"}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp"},{"reference_url":"https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:04:30Z/"}],"url":"https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33894","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33894"},{"reference_url":"https://www.rfc-editor.org/rfc/rfc8017.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:04:30Z/"}],"url":"https://www.rfc-editor.org/rfc/rfc8017.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452464","reference_id":"2452464","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452464"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765","reference_id":"GHSA-cfm4-qjh2-4765","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765"},{"reference_url":"https://github.com/advisories/GHSA-ppp5-5v6c-4jwp","reference_id":"GHSA-ppp5-5v6c-4jwp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ppp5-5v6c-4jwp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13826","reference_id":"RHSA-2026:13826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19375","reference_id":"RHSA-2026:19375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21017","reference_id":"RHSA-2026:21017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9742","reference_id":"RHSA-2026:9742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9742"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/189598?format=json","purl":"pkg:npm/node-forge@1.4.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.4.0"}],"aliases":["CVE-2026-33894","GHSA-ppp5-5v6c-4jwp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r1pq-dpfp-hybw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21563?format=json","vulnerability_id":"VCID-snxz-wbnc-dqbv","summary":"node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization\nCVE-2025-12816 has been reserved by CERT/CC\n\n**Description**\nAn Interpretation Conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12816.json","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12816.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12816","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.2184","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12816"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-25T20:21:37Z/"}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/asn1.js#L1153","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/asn1.js#L1153"},{"reference_url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/ed25519.js#L81","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/ed25519.js#L81"},{"reference_url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/pbe.js#L363","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/pbe.js#L363"},{"reference_url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/pkcs12.js#L328","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/pkcs12.js#L328"},{"reference_url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/pkcs7.js#L90","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/pkcs7.js#L90"},{"reference_url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/rsa.js#L1167","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/rsa.js#L1167"},{"reference_url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/x509.js#L667","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/x509.js#L667"},{"reference_url":"https://github.com/digitalbazaar/forge/pull/1124","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-25T20:21:37Z/"}],"url":"https://github.com/digitalbazaar/forge/pull/1124"},{"reference_url":"https://kb.cert.org/vuls/id/521113","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-25T20:21:37Z/"}],"url":"https://kb.cert.org/vuls/id/521113"},{"reference_url":"https://www.kb.cert.org/vuls/id/521113","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.kb.cert.org/vuls/id/521113"},{"reference_url":"https://www.npmjs.com/package/node-forge","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-25T20:21:37Z/"}],"url":"https://www.npmjs.com/package/node-forge"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2417097","reference_id":"2417097","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2417097"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12816","reference_id":"CVE-2025-12816","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12816"},{"reference_url":"https://github.com/advisories/GHSA-5gfm-wpxj-wjgq","reference_id":"GHSA-5gfm-wpxj-wjgq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5gfm-wpxj-wjgq"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq","reference_id":"GHSA-5gfm-wpxj-wjgq","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-25T20:21:37Z/"}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22936","reference_id":"RHSA-2025:22936","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22936"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22937","reference_id":"RHSA-2025:22937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22938","reference_id":"RHSA-2025:22938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22941","reference_id":"RHSA-2025:22941","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22941"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0261","reference_id":"RHSA-2026:0261","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0261"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0518","reference_id":"RHSA-2026:0518","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0518"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1248","reference_id":"RHSA-2026:1248","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1248"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1517","reference_id":"RHSA-2026:1517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1730","reference_id":"RHSA-2026:1730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1942","reference_id":"RHSA-2026:1942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19712","reference_id":"RHSA-2026:19712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20041","reference_id":"RHSA-2026:20041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2106","reference_id":"RHSA-2026:2106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2256","reference_id":"RHSA-2026:2256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2350","reference_id":"RHSA-2026:2350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2456","reference_id":"RHSA-2026:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2500","reference_id":"RHSA-2026:2500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2568","reference_id":"RHSA-2026:2568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2568"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2695","reference_id":"RHSA-2026:2695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2737","reference_id":"RHSA-2026:2737","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2737"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2754","reference_id":"RHSA-2026:2754","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2754"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2762","reference_id":"RHSA-2026:2762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2762"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2900","reference_id":"RHSA-2026:2900","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2900"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3710","reference_id":"RHSA-2026:3710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3712","reference_id":"RHSA-2026:3712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3713","reference_id":"RHSA-2026:3713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3825","reference_id":"RHSA-2026:3825","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3825"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3869","reference_id":"RHSA-2026:3869","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3869"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3874","reference_id":"RHSA-2026:3874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4185","reference_id":"RHSA-2026:4185","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4185"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4215","reference_id":"RHSA-2026:4215","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4215"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5807","reference_id":"RHSA-2026:5807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5807"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71246?format=json","purl":"pkg:npm/node-forge@1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-78jp-a3yj-dfdf"},{"vulnerability":"VCID-r1pq-dpfp-hybw"},{"vulnerability":"VCID-u12d-cefq-9bbp"},{"vulnerability":"VCID-w3v3-d3vx-4uhw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.3.2"}],"aliases":["CVE-2025-12816","GHSA-5gfm-wpxj-wjgq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-snxz-wbnc-dqbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/329188?format=json","vulnerability_id":"VCID-u12d-cefq-9bbp","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33895.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33895.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33895","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12512","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33895"},{"reference_url":"https://datatracker.ietf.org/doc/html/rfc8032#section-8.4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:39:49Z/"}],"url":"https://datatracker.ietf.org/doc/html/rfc8032#section-8.4"},{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:39:49Z/"}],"url":"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:39:49Z/"}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25793","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25793"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33895","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33895"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452457","reference_id":"2452457","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452457"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35961","reference_id":"CVE-2022-35961","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35961"},{"reference_url":"https://github.com/advisories/GHSA-q67f-28xg-22rw","reference_id":"GHSA-q67f-28xg-22rw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q67f-28xg-22rw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13826","reference_id":"RHSA-2026:13826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9742","reference_id":"RHSA-2026:9742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9742"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/189598?format=json","purl":"pkg:npm/node-forge@1.4.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.4.0"}],"aliases":["CVE-2026-33895","GHSA-q67f-28xg-22rw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u12d-cefq-9bbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/329189?format=json","vulnerability_id":"VCID-w3v3-d3vx-4uhw","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33896.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33896.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33896","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10178","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33896"},{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-30T18:53:46Z/"}],"url":"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-30T18:53:46Z/"}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33896","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33896"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452458","reference_id":"2452458","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452458"},{"reference_url":"https://github.com/advisories/GHSA-2328-f5f3-gj25","reference_id":"GHSA-2328-f5f3-gj25","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2328-f5f3-gj25"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13826","reference_id":"RHSA-2026:13826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9742","reference_id":"RHSA-2026:9742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9742"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/189598?format=json","purl":"pkg:npm/node-forge@1.4.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.4.0"}],"aliases":["CVE-2026-33896","GHSA-2328-f5f3-gj25"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w3v3-d3vx-4uhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21667?format=json","vulnerability_id":"VCID-wkq2-vdkh-y3bd","summary":"node-forge is vulnerable to ASN.1 OID Integer Truncation\n**MITRE-Formatted CVE Description**\nAn Integer Overflow (CWE-190) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66030.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66030.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66030","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22416","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66030"},{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/3e0c35ace169cfca529a3e547a7848dc7bf57fdb","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T18:24:09Z/"}],"url":"https://github.com/digitalbazaar/forge/commit/3e0c35ace169cfca529a3e547a7848dc7bf57fdb"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2417384","reference_id":"2417384","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2417384"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66030","reference_id":"CVE-2025-66030","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66030"},{"reference_url":"https://github.com/advisories/GHSA-65ch-62r8-g69g","reference_id":"GHSA-65ch-62r8-g69g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-65ch-62r8-g69g"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-65ch-62r8-g69g","reference_id":"GHSA-65ch-62r8-g69g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T18:24:09Z/"}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-65ch-62r8-g69g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71246?format=json","purl":"pkg:npm/node-forge@1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-78jp-a3yj-dfdf"},{"vulnerability":"VCID-r1pq-dpfp-hybw"},{"vulnerability":"VCID-u12d-cefq-9bbp"},{"vulnerability":"VCID-w3v3-d3vx-4uhw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@1.3.2"}],"aliases":["CVE-2025-66030","GHSA-65ch-62r8-g69g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wkq2-vdkh-y3bd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14613?format=json","vulnerability_id":"VCID-yyjk-6zwu-z3hc","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7720.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7720.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7720","reference_id":"","reference_type":"","scores":[{"value":"0.02085","scoring_system":"epss","scoring_elements":"0.84283","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7720"},{"reference_url":"https://github.com/digitalbazaar/forge","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge"},{"reference_url":"https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md"},{"reference_url":"https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md#removed","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md#removed"},{"reference_url":"https://github.com/digitalbazaar/forge/commit/6a1e3ef74f6eb345bcff1b82184201d1e28b6756","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/commit/6a1e3ef74f6eb345bcff1b82184201d1e28b6756"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1874606","reference_id":"1874606","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1874606"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969669","reference_id":"969669","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969669"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7720","reference_id":"CVE-2020-7720","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7720"},{"reference_url":"https://github.com/advisories/GHSA-92xj-mqp7-vmcj","reference_id":"GHSA-92xj-mqp7-vmcj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-92xj-mqp7-vmcj"},{"reference_url":"https://github.com/advisories/GHSA-wxgw-qj99-44c2","reference_id":"GHSA-wxgw-qj99-44c2","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wxgw-qj99-44c2"},{"reference_url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-wxgw-qj99-44c2","reference_id":"GHSA-wxgw-qj99-44c2","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/digitalbazaar/forge/security/advisories/GHSA-wxgw-qj99-44c2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5249","reference_id":"RHSA-2020:5249","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5249"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5605","reference_id":"RHSA-2020:5605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5605"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76008?format=json","purl":"pkg:npm/node-forge@0.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nyb-qw4e-rba7"},{"vulnerability":"VCID-6rq7-xkhj-87ag"},{"vulnerability":"VCID-78jp-a3yj-dfdf"},{"vulnerability":"VCID-7bue-77db-nkf9"},{"vulnerability":"VCID-brez-48e1-93ca"},{"vulnerability":"VCID-ep5p-d99x-jkcy"},{"vulnerability":"VCID-hd86-jyf4-1qeu"},{"vulnerability":"VCID-pfhn-ftud-x7hq"},{"vulnerability":"VCID-r1pq-dpfp-hybw"},{"vulnerability":"VCID-snxz-wbnc-dqbv"},{"vulnerability":"VCID-u12d-cefq-9bbp"},{"vulnerability":"VCID-w3v3-d3vx-4uhw"},{"vulnerability":"VCID-wkq2-vdkh-y3bd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@0.10.0"}],"aliases":["CVE-2020-7720","GHSA-92xj-mqp7-vmcj","GHSA-wxgw-qj99-44c2","GMS-2022-68"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yyjk-6zwu-z3hc"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/node-forge@0.2.12"}