EUVD-2019-0635

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Improper verification in OpenPGP.js allows unsigned data to appear signed by an attacker.

Reporter	Title	Published	Views	Family All 8
CVE	CVE-2019-9154	22 Aug 201915:39	–	cve
Cvelist	CVE-2019-9154	22 Aug 201915:39	–	cvelist
Github Security Blog	Improper Key Verification in openpgp	23 Aug 201921:42	–	github
Node.js	Improper Key Verification	6 Sep 201920:20	–	nodejs
NVD	CVE-2019-9154	22 Aug 201916:15	–	nvd
OSV	GHSA-HFMF-Q43V-2FFJ Improper Key Verification in openpgp	23 Aug 201921:42	–	osv
Prion	Input validation	22 Aug 201916:15	–	prion
Veracode	Improper Verification Of Cryptographic Signature	23 Aug 201902:00	–	veracode

[
  {
    "enisaIdVendor": [
      {
        "id": "46e3e691-7182-367e-b6c2-f439cc281516",
        "vendor": {
          "name": "n/a"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "2a0d7bef-6dfc-3857-8745-a4b6fa6a576d",
        "product": {
          "name": "n/a"
        },
        "product_version": "n/a"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2019-9154
github	www.github.com/openpgpjs/openpgpjs/pull/797
github	www.github.com/openpgpjs/openpgpjs/pull/797/commits/47138eed61473e13ee8f05931119d3e10542c5e1
github	www.github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0
sec-consult	www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js
snyk	www.snyk.io/vuln/SNYK-JS-OPENPGP-460247
bsi	www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html
npmjs	www.npmjs.com/advisories/1161
packetstormsecurity	www.packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html
sec-consult	www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/

07 Oct 2025 00:30Current

7.5High risk

Vulners AI Score7.5

CVSS 37.5

CVSS 25

EPSS0.00389

openpgp.js cryptographic signature vulnerability unsigned data exploitation