pkg:npm/jsrsasign

12 total CVEs: CRITICAL 4, HIGH 7, MEDIUM 1

All known vulnerabilities

  • CRITICAL 9.8, CVE-2020-14967: RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign
    from 0, < 8.0.18
  • CRITICAL 9.8, CVE-2020-14968: RSA-PSS signature validation vulnerability by prepending zeros in jsrsasign
    >= 3.0.0, < 8.0.17
  • CRITICAL 9.1, CVE-2026-4599: jsrsasign: Incomplete Comparison Allows DSA Private Key Recovery via Biased Nonce Generation
    >= 7.0.0, < 11.1.1
  • CRITICAL 9.1, CVE-2021-30246: RSA signature validation vulnerability on malleable encoded message in jsrsasign
    from 0, < 10.2.0
  • HIGH 8.7, CVE-2026-4601: jsrsasign: Missing cryptographic validation during DSA signing enables private key extraction
    from 0, < 11.1.1
  • HIGH 8.6, CVE-2022-25898: JWS and JWT signature validation vulnerability with special characters
    >= 4.8.0, < 10.5.25
  • HIGH 7.5, CVE-2026-4598: jsrsasign is vulnerable to DoS through Infinite Loop when processing zero or negative inputs
    from 0, < 11.1.1
  • HIGH 7.5, CVE-2026-4602: jsrsasign: Negative Exponent Handling Leads to Signature Verification Bypass
    from 0, < 11.1.1
  • HIGH 7.5, CVE-2024-21484: Marvin Attack of RSA and RSAOAEP decryption in jsrsasign
    from 0, < 11.0.0
  • HIGH 7.5, CVE-2020-14966: ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign
    >= 4.0.0, < 8.0.19
  • HIGH 7.4, CVE-2026-4600: jsrsasign: DSA signatures or X.509 certificates can be forged via DSA domain-parameter validation in KJUR.crypto.DSA.setPublic
    from 0, < 11.1.1
  • MEDIUM 5.9, CVE-2026-4603: jsrsasign: Division by Zero Allows Invalid JWK Modulus to Cause Deterministic Zero Output in RSA Operations
    from 0, < 11.1.1