Package impact
npm / jsrsasign
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4601 | critical | 9.1 | 9.1 | 2mo ago | jsrsasign: Missing cryptographic validation during DSA signing enables private key extraction | |||
| CVE-2026-4600 | critical | 9.1 | 9.1 | 2mo ago | jsrsasign: DSA signatures or X.509 certificates can be forged via DSA domain-parameter validation in KJUR.crypto.DSA.setPublic | |||
| CVE-2026-4603 | medium | 5.3 | 5.3 | 2mo ago | jsrsasign: Division by Zero Allows Invalid JWK Modulus to Cause Deterministic Zero Output in RSA Operations |