VIR Vulnerability Intelligence Relay

Package impact

npm npm / jsrsasign

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-4601 critical 9.1 9.1 2mo ago jsrsasign: Missing cryptographic validation during DSA signing enables private key extraction
CVE-2026-4600 critical 9.1 9.1 2mo ago jsrsasign: DSA signatures or X.509 certificates can be forged via DSA domain-parameter validation in KJUR.crypto.DSA.setPublic
CVE-2026-4603 medium 5.3 5.3 2mo ago jsrsasign: Division by Zero Allows Invalid JWK Modulus to Cause Deterministic Zero Output in RSA Operations
CVE-2026-4598 unknown 2mo ago jsrsasign is vulnerable to DoS through Infinite Loop when processing zero or negative inputs
CVE-2026-4599 unknown 2mo ago jsrsasign: Incomplete Comparison Allows DSA Private Key Recovery via Biased Nonce Generation
CVE-2026-4602 unknown 2mo ago jsrsasign: Negative Exponent Handling Leads to Signature Verification Bypass
CVE-2024-21484 unknown 2y ago Marvin Attack of RSA and RSAOAEP decryption in jsrsasign
CVE-2022-25898 unknown 4y ago JWS and JWT signature validation vulnerability with special characters
CVE-2021-30246 unknown 5y ago RSA signature validation vulnerability on maleable encoded message in jsrsasign
CVE-2020-14966 unknown 6y ago ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign
CVE-2020-14967 unknown 6y ago RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign
CVE-2020-14968 unknown 6y ago RSA-PSS signature validation vulnerability by prepending zeros in jsrsasign