OsVault/npm/node-forge
npm2 critical

node-forge

12 known vulnerabilities · 2 critical · 2 high

CVE-2026-33896CRITICAL
Risk: 88/100

Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)

Published Mar 26, 2026
CVE-2025-66031

node-forge has ASN.1 Unbounded Recursion

Published Nov 26, 2025
CVE-2022-24771HIGH

Improper Verification of Cryptographic Signature in node-forge

Published Mar 18, 2022
CVE-2026-33891

Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input

Published Mar 26, 2026
CVE-2022-24772HIGH

Improper Verification of Cryptographic Signature in node-forge

Published Mar 18, 2022
CVE-2020-7720CRITICAL

Prototype Pollution in node-forge

Published Sep 14, 2020
CVE-2025-66030

node-forge is vulnerable to ASN.1 OID Integer Truncation

Published Nov 26, 2025
CVE-2022-0122MEDIUM

Open Redirect in node-forge

Published Jan 21, 2022
CVE-2025-12816

node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization

Published Nov 26, 2025
CVE-2026-33894

Forge has signature forgery in RSA-PKCS due to ASN.1 extra field

Published Mar 26, 2026
CVE-2026-33895

Forge has signature forgery in Ed25519 due to missing S > L check

Published Mar 26, 2026
CVE-2022-24773MEDIUM

Improper Verification of Cryptographic Signature in `node-forge`

Published Mar 18, 2022
Check your entire dependency tree at onceRun dependency scan →