Package impact
npm / jsrsasign
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4601 | critical | 9.1 | 9.1 | 2mo ago | jsrsasign: Missing cryptographic validation during DSA signing enables private key extraction | |||
| CVE-2026-4600 | critical | 9.1 | 9.1 | 2mo ago | jsrsasign: DSA signatures or X.509 certificates can be forged via DSA domain-parameter validation in KJUR.crypto.DSA.setPublic |