node-forge vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-33896 | High | node-forge: Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation) |
| CVE-2026-33895 | High | node-forge: Forge has signature forgery in Ed25519 due to missing S > L check |
| CVE-2026-33894 | High | node-forge: Forge has signature forgery in RSA-PKCS due to ASN.1 extra field |
| CVE-2026-33891 | High | node-forge: Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input |
| CVE-2025-66031 | High | node-forge: node-forge has ASN.1 Unbounded Recursion |
| CVE-2025-66030 | Medium | node-forge: node-forge is vulnerable to ASN.1 OID Integer Truncation |
| CVE-2025-12816 | High | node-forge: node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization |
| CVE-2022-24773 | Medium | node-forge: Improper Verification of Cryptographic Signature in `node-forge` |
| CVE-2022-24772 | High | node-forge: Improper Verification of Cryptographic Signature in node-forge |
| CVE-2022-24771 | High | node-forge: Improper Verification of Cryptographic Signature in node-forge |
| CVE-2022-0122 | Medium | node-forge: Open Redirect in node-forge |
| GHSA-5RRQ-PXF6-6JX5 | Low | node-forge: Prototype Pollution in node-forge debug API. |
| GHSA-WXGW-QJ99-44C2 | Low | node-forge: Prototype Pollution in node-forge util.setPath API |
| GHSA-GF8Q-JRPM-JVXQ | Low | node-forge: URL parsing in node-forge could lead to undesired behavior. |
| CVE-2020-7720 | High | node-forge: Prototype Pollution in node-forge |
