Improper Certificate Validation

Overview org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Improper Certificate Validation in the verifyCertificateChain function. An attacker can gain unauthorized certificate authority capabilities by presenting a certificate chain where ...

-fides-amor-et-lux (=1.0.0), 1ib (>=1.0.9 <=1.0.11) +1144 more potentially affected by CVE-2026-33895 via node-forge (>=1.0.0 <=1.3.3)

node-forge NPM version =1.0.0, =1.0.9, =1.0.0, =7.10.2-para-beta.0, =1.3.0-patch.0, =0.0.1-custom-install-dir, =1.2.1, =1.0.0, =1.0.0, =1.2.6, =1.23.2, =1.34.0 - @arextest/arex-request-runtime =7.36.3 and more Source cves: CVE-2026-33895 Source advisory: SNYK:JS-NODEFORGE-15789767...

org.webjars.npm:github-com-cisco-node-jose (=2.2.0), org.webjars.npm:google-auth-library (>=1.6.1 <=6.1.6) +7 more potentially affected by CVE-2026-33895 via org.webjars.npm:node-forge (>=0.10.0 <=1.3.3)

org.webjars.npm:node-forge MAVEN version =0.10.0, =1.6.1, =1.0.2, =2.3.2, =1.10.2, =2.1.1 Source cves: CVE-2026-33895 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15789768...

-fides-amor-et-lux (=1.0.0), -tompan-reacttemplate (>=1.0.1 <=1.1.0) +41818 more potentially affected by CVE-2022-35961 +2 more via node-forge (>=0.10.0 <=1.3.3)

node-forge NPM version =0.10.0, =1.0.1, =1.1.0 - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 - 06buj9h3su =2.1.0 - 06dre15t8r =2.1.0 - 0726react =0.1.1 - 07fgapmu9l =1.1.0 - 07t2xvu6t4 =2.1.0 - 0850u4lkp...

Improper Verification of Cryptographic Signature

Overview node-forge is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the ed25519.verify function. An attacker can bypas...

-fides-amor-et-lux (=1.0.0), 1ib (>=1.0.9 <=1.0.11) +1144 more potentially affected by CVE-2026-33894 via node-forge (>=1.0.0 <=1.3.3)

node-forge NPM version =1.0.0, =1.0.9, =1.0.0, =7.10.2-para-beta.0, =1.3.0-patch.0, =0.0.1-custom-install-dir, =1.2.1, =1.0.0, =1.0.0, =1.2.6, =1.23.2, =1.34.0 - @arextest/arex-request-runtime =7.36.3 and more Source cves: CVE-2026-33894 Source advisory: SNYK:JS-NODEFORGE-15789773...

org.webjars.npm:github-com-cisco-node-jose (=2.2.0), org.webjars.npm:google-auth-library (>=1.6.1 <=6.1.6) +7 more potentially affected by CVE-2026-33894 via org.webjars.npm:node-forge (>=0.10.0 <=1.3.3)

org.webjars.npm:node-forge MAVEN version =0.10.0, =1.6.1, =1.0.2, =2.3.2, =1.10.2, =2.1.1 Source cves: CVE-2026-33894 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15789774...

Improper Verification of Cryptographic Signature

Overview node-forge is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in ASN.1 structures during RSA signature verification...

-fides-amor-et-lux (=1.0.0), -tompan-reacttemplate (>=1.0.1 <=1.1.0) +41818 more potentially affected by CVE-2026-33894 via node-forge (>=0.10.0 <=1.3.3)

node-forge NPM version =0.10.0, =1.0.1, =1.1.0 - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 - 06buj9h3su =2.1.0 - 06dre15t8r =2.1.0 - 0726react =0.1.1 - 07fgapmu9l =1.1.0 - 07t2xvu6t4 =2.1.0 - 0850u4lkp...

Infinite loop

Overview node-forge is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Infinite loop via the modInverse function. An attacker can cause the application to hang indefinitely...

-fides-amor-et-lux (=1.0.0), -tompan-reacttemplate (>=1.0.1 <=1.1.0) +41818 more potentially affected by CVE-2026-33891 via node-forge (>=0.10.0 <=1.3.3)

node-forge NPM version =0.10.0, =1.0.1, =1.1.0 - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 - 06buj9h3su =2.1.0 - 06dre15t8r =2.1.0 - 0726react =0.1.1 - 07fgapmu9l =1.1.0 - 07t2xvu6t4 =2.1.0 - 0850u4lkp...

Infinite loop

Overview org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Infinite loop via the modInverse function. An attacker can cause the application to hang indefinitely and consume excessive CPU resources by supplying a zero value as input, resulti...

Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input

Summary A Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library. When modInverse is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachab...

-fides-amor-et-lux (=1.0.0), 1ib (>=1.0.9 <=1.0.11) +1144 more potentially affected by CVE-2026-33891 via node-forge (>=1.0.0 <=1.3.3)

node-forge NPM version =1.0.0, =1.0.9, =1.0.0, =7.10.2-para-beta.0, =1.3.0-patch.0, =0.0.1-custom-install-dir, =1.2.1, =1.0.0, =1.0.0, =1.2.6, =1.23.2, =1.34.0 - @arextest/arex-request-runtime =7.36.3 and more Source cves: CVE-2026-33891 Source advisory: SNYK:JS-NODEFORGE-15789769...

org.webjars.npm:github-com-cisco-node-jose (=2.2.0), org.webjars.npm:google-auth-library (>=1.6.1 <=6.1.6) +7 more potentially affected by CVE-2026-33891 via org.webjars.npm:node-forge (>=0.10.0 <=1.3.3)

org.webjars.npm:node-forge MAVEN version =0.10.0, =1.6.1, =1.0.2, =2.3.2, =1.10.2, =2.1.1 Source cves: CVE-2026-33891 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15789770...

GHSA-5M6Q-G25R-MVWX Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input

Summary A Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library. When modInverse is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachab...

PT-2026-28556

Name of the Vulnerable Software and Affected Versions node-forge versions prior to 1.4.0 Description A Denial of Service DoS issue exists in the node-forge library due to an infinite loop within the BigInteger.modInverse function, inherited from the bundled jsbn library. When modInverse is called...

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.18.4 security update

Important: Red Hat OpenShift GitOps v1.18.4 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8439 CVE-2025-12816 openshift-gitops-1/console-plugin-rhel8: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic...

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-64756 DESCRIPTION: Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the...

[SECURITY] [DLA 4471-1] debian-security-support update

Debian LTS Advisory DLA-4471-1 [email protected] https://www.debian.org/lts/security/ Santiago Ruano Rincón February 06, 2026 https://wiki.debian.org/LTS Package : debian-security-support Version : 1:11+2026.02.06 Debian Bug : 1117607 1119290 1124248 debian-security-support, the Debian...