EUVD-2019-0640

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Improper cryptographic signature verification in OpenPGP.js enables message forgery by attackers.

Reporter	Title	Published	Views	Family All 8
CVE	CVE-2019-9153	22 Aug 201915:30	–	cve
Cvelist	CVE-2019-9153	22 Aug 201915:30	–	cvelist
Github Security Blog	Message Signature Bypass in openpgp	23 Aug 201921:42	–	github
Node.js	Message Signature Bypass	6 Sep 201919:50	–	nodejs
NVD	CVE-2019-9153	22 Aug 201916:15	–	nvd
OSV	GHSA-QWQC-28W3-FWW6 Message Signature Bypass in openpgp	23 Aug 201921:42	–	osv
Prion	Input validation	22 Aug 201916:15	–	prion
Veracode	Digital Signature Bypass	23 Aug 201901:50	–	veracode

[
  {
    "enisaIdVendor": [
      {
        "id": "f2fe8962-0a83-3d5f-a325-73edf775347a",
        "vendor": {
          "name": "n/a"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "19dfb931-ad71-37e7-84f4-8cb689edbce2",
        "product": {
          "name": "n/a"
        },
        "product_version": "n/a"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2019-9153
github	www.github.com/openpgpjs/openpgpjs/pull/797/commits/327d3e5392a6f59a4270569d200c7f7a2bfc4cbc
github	www.github.com/openpgpjs/openpgpjs/pull/816
github	www.github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0
sec-consult	www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js
snyk	www.snyk.io/vuln/SNYK-JS-OPENPGP-460248
bsi	www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html
npmjs	www.npmjs.com/advisories/1160
packetstormsecurity	www.packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html
sec-consult	www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/

07 Oct 2025 00:30Current

7.5High risk

Vulners AI Score7.5

CVSS 37.5

CVSS 25

EPSS0.00362