{"url":"http://public2.vulnerablecode.io/api/packages/73518?format=json","purl":"pkg:npm/sm-crypto@0.3.14","type":"npm","namespace":"","name":"sm-crypto","version":"0.3.14","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0.4.0","latest_non_vulnerable_version":"0.4.0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49780?format=json","vulnerability_id":"VCID-1bk8-d5bu-1uh9","summary":"sm-crypto Affected by Signature Malleability in SM2-DSA\nA signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library. An attacker can derive a new valid signature for a previously signed message from an existing signature.","references":[{"reference_url":"https://github.com/JuneAndGreen/sm-crypto","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/JuneAndGreen/sm-crypto"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23967","reference_id":"CVE-2026-23967","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23967"},{"reference_url":"https://github.com/advisories/GHSA-qv7w-v773-3xqm","reference_id":"GHSA-qv7w-v773-3xqm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qv7w-v773-3xqm"},{"reference_url":"https://github.com/JuneAndGreen/sm-crypto/security/advisories/GHSA-qv7w-v773-3xqm","reference_id":"GHSA-qv7w-v773-3xqm","reference_type":"","scores":[],"url":"https://github.com/JuneAndGreen/sm-crypto/security/advisories/GHSA-qv7w-v773-3xqm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73518?format=json","purl":"pkg:npm/sm-crypto@0.3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sm-crypto@0.3.14"}],"aliases":["CVE-2026-23967","GHSA-qv7w-v773-3xqm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1bk8-d5bu-1uh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49786?format=json","vulnerability_id":"VCID-ycz9-vn64-b7fj","summary":"sm-crypto Affected by Private Key Recovery in SM2-PKE\nA private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto. By interacting with the SM2 decryption interface multiple times, an attacker can fully recover the private key within approximately several hundred interactions.","references":[{"reference_url":"https://github.com/JuneAndGreen/sm-crypto","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/JuneAndGreen/sm-crypto"},{"reference_url":"https://github.com/JuneAndGreen/sm-crypto/commit/b1c824e58fdf1eaa73692c124a095819a8c45707","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/JuneAndGreen/sm-crypto/commit/b1c824e58fdf1eaa73692c124a095819a8c45707"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23966","reference_id":"CVE-2026-23966","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23966"},{"reference_url":"https://github.com/advisories/GHSA-pgx9-497m-6c4v","reference_id":"GHSA-pgx9-497m-6c4v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pgx9-497m-6c4v"},{"reference_url":"https://github.com/JuneAndGreen/sm-crypto/security/advisories/GHSA-pgx9-497m-6c4v","reference_id":"GHSA-pgx9-497m-6c4v","reference_type":"","scores":[],"url":"https://github.com/JuneAndGreen/sm-crypto/security/advisories/GHSA-pgx9-497m-6c4v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73518?format=json","purl":"pkg:npm/sm-crypto@0.3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sm-crypto@0.3.14"}],"aliases":["CVE-2026-23966","GHSA-pgx9-497m-6c4v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ycz9-vn64-b7fj"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/sm-crypto@0.3.14"}