| purl | pkg:npm/node-forge@1.3.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-6vg2-h2n1-1ubp (aliases: CVE-2026-33895, GHSA-q67f-28xg-22rw) | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures in which the scalar S is not reduced modulo the group order (`S >= L`). A valid signature and its `S + L` variant both verify in forge, whereas Node.js `crypto.verify` (OpenSSL-backed) rejects the `S + L` variant, as the specification requires. This class of signature malleability has been exploited in practice to bypass authentication and authorization logic (see CVE-2026-25793, CVE-2022-35961). Applications that rely on signature uniqueness (e.g. deduplication by signature bytes, replay tracking, signed-object canonicalization checks) may be bypassed. Version 1.4.0 patches the issue. | Affected by 0 other vulnerabilities. |
| VCID-jzq5-zkxm-kka3 (aliases: CVE-2026-33896, GHSA-2328-f5f3-gj25) | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, `pki.verifyCertificateChain()` does not enforce the RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the `basicConstraints` and `keyUsage` extensions. This allows any leaf certificate (without these extensions) to act as a CA and sign other certificates, which node-forge then accepts as valid. Version 1.4.0 patches the issue. | Affected by 0 other vulnerabilities. |
| VCID-pc81-tj49-j3fs (aliases: CVE-2026-33894, GHSA-ppp5-5v6c-4jwp) | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA-PKCS1-v1_5 signature verification accepts forged signatures for keys with a low public exponent (e=3). Attackers can forge signatures by stuffing "garbage" bytes inside the ASN.1 structure to construct a signature that passes verification, enabling Bleichenbacher-style forgery. This issue is similar to CVE-2022-24771, but places the bytes in an additional field within the ASN.1 structure rather than outside of it. Additionally, forge does not validate that signatures include the minimum of 8 bytes of padding required by the specification, giving attackers additional space in which to construct Bleichenbacher forgeries. Version 1.4.0 patches the issue. | Affected by 0 other vulnerabilities. |
| VCID-z7tw-mtdc-wfd3 (aliases: CVE-2026-33891, GHSA-5m6q-g25r-mvwx) | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm never reaches its exit condition, so the process hangs indefinitely and consumes 100% CPU. Version 1.4.0 patches the issue. | Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-13T06:28:23.426644+00:00 | GHSA Importer | Affected by | VCID-jzq5-zkxm-kka3 | https://github.com/advisories/GHSA-2328-f5f3-gj25 | 38.6.0 |
| 2026-06-12T21:39:16.576385+00:00 | GitLab Importer | Affected by | VCID-jzq5-zkxm-kka3 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/node-forge/CVE-2026-33896.yml | 38.6.0 |
| 2026-06-12T21:38:27.237962+00:00 | GitLab Importer | Affected by | VCID-pc81-tj49-j3fs | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/node-forge/CVE-2026-33894.yml | 38.6.0 |
| 2026-06-12T21:38:09.490545+00:00 | GitLab Importer | Affected by | VCID-z7tw-mtdc-wfd3 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/node-forge/CVE-2026-33891.yml | 38.6.0 |
| 2026-06-12T21:37:31.964845+00:00 | GitLab Importer | Affected by | VCID-6vg2-h2n1-1ubp | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/node-forge/CVE-2026-33895.yml | 38.6.0 |