org.webjars.npm:crypto-browserify (>=3.2.6 <=3.2.8), org.webjars.npm:node-libs-browser (>=0.5.2 <=0.5.3) +1 more potentially affected by CVE-2025-9288 via org.webjars.npm:sha.js (>=2.2.6 <=2.3.6)

org.webjars.npm:sha.js MAVEN version =2.2.6, =3.2.6, =0.5.2, =0.5.3 - org.webjars.npm:shasum =1.0.1 Source cves: CVE-2025-9288 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-12089401...

Insecure Cryptography

crypto-browserify is generates cryptographically insecure random numbers. The library uses the native JavaScript Math.Random to generate random numbers, that has been proven as not secure...