pkg:npm/node-forge

All known vulnerabilities

• CRITICAL9.8CVE-2020-7720Prototype Pollution in node-forge
  from 0, < 0.10.0
• HIGH8.6CVE-2025-12816node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization
  from 0, < 1.3.2
• HIGH7.5CVE-2026-33895Forge has signature forgery in Ed25519 due to missing S > L check
  from 0, < 1.4.0
• HIGH7.5CVE-2026-33894Forge has signature forgery in RSA-PKCS due to ASN.1 extra field
  from 0, < 1.4.0
• HIGH7.5CVE-2026-33891Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input
  from 0, < 1.4.0
• HIGH7.5CVE-2025-66031node-forge has ASN.1 Unbounded Recursion
  from 0, < 1.3.2
• HIGH7.5CVE-2022-24772Improper Verification of Cryptographic Signature in node-forge
  from 0, < 1.3.0
• HIGH7.5CVE-2022-24771Improper Verification of Cryptographic Signature in node-forge
  from 0, < 1.3.0
• HIGH7.4CVE-2026-33896Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)
  from 0, < 1.4.0
• MEDIUM6.1CVE-2022-0122Open Redirect in node-forge
  from 0, < 1.0.0
• MEDIUM5.3CVE-2025-66030node-forge is vulnerable to ASN.1 OID Integer Truncation
  from 0, < 1.3.2
• MEDIUM5.3CVE-2022-24773Improper Verification of Cryptographic Signature in `node-forge`
  from 0, < 1.3.0