node-forge

Releases134

Frequency1 month 4 days

Last Release 2 months ago

JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-12816 ↗	Nov 25, 2025Tuesday, 25 November 2025, 20:15	8.6 HIGH	—
An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.