17 matches found
Inadequate Encryption Strength
Overview net.gleske:jervis is a Self service Jenkins job generation using Jenkins Job DSL plugin groovy scripts. Reads .jervis.yml and generates a job in Jenkins. Affected versions of this package are vulnerable to Inadequate Encryption Strength in the PBKDF2 key derivation process. An attacker c...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in pbkdf2-3.1.2.tgz
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in pbkdf2-3.1.2.tgz Vulnerability Details CVEID: CVE-2025-6547 DESCRIPTION: Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This issue affects pbkdf2:...
EUVD-2025-18922
Malicious code in bioql PyPI...
Security Bulletin: Multiple vulnerabilities in pbkdf2 affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2025-6545 and CVE-2025-6547)
Summary There are multiple vulnerabilities in pbkdf2 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-6547 DESCRIPTION: Improper Input Validation vulnerability...
Signature Spoofing
pbkdf2 is vulnerable to Signature Spoofing. The vulnerability is due to improper input validation in the lib/to-buffer.js file, which allows an attacker to bypass signature verification and spoof cryptographic signatures, making malicious data appear authentic...
Signature Spoofing
pbkdf2 is vulnerable to Signature Spoofing. The vulnerability is due to improper validation of input parameters within the pbkdf2 library, which allows an attacker to forge or spoof digital signatures, potentially bypassing authentication or integrity checks...
GHSA-V62P-RQ8G-8H59 pbkdf2 silently disregards Uint8Array input, returning static keys
Summary On historic but declared as supported Node.js versions 0.12-2.x, pbkdf2 silently disregards Uint8Array input This only affects Node.js = 0.12 and there seems to be ongoing effort in this repo to maintain that Support Uint8Array input input is typechecked against Uint8Array, and the error...
org.webjars.npm:ethereum-cryptography (=0.1.3), org.webjars.npm:parse-asn1 (>=5.0.0 <=5.1.6) potentially affected by CVE-2025-6547 via org.webjars.npm:pbkdf2 (=3.1.2)
org.webjars.npm:pbkdf2 MAVEN version =3.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:pbkdf2 and may be impacted: - org.webjars.npm:ethereum-cryptography =0.1.3 - org.webjars.npm:parse-asn1 >=5.0.0, <=5.1.6 Source cves: CVE-2025-654...
@0cfg/utils-node (>=0.1.2 <=0.1.8), @b0ase/path402-api (=4.0.0-alpha.1) +262 more potentially affected by CVE-2025-6547 via pbkdf2 (>=3.0.12 <=3.1.2)
pbkdf2 NPM version =3.0.12, =0.1.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =2.38.0, =1.45.0, =1.1.14, =1.20.2, =1.3.13, =3.8.1, =4.26.0 and more Source cves: CVE-2025-6547 Source advisory: OSV:GHSA-V62P-RQ8G-8H59...
CVE-2025-6545
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2...
CVE-2025-6547
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This issue affects pbkdf2: =3.1.2...
CVE-2025-6545
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2...
CVE-2025-6547
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This issue affects pbkdf2: =3.1.2...
CVE-2025-6545 pbkdf2 silently returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos supported by Node.js
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2...
CVE-2025-6545 pbkdf2 silently returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos supported by Node.js
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2...
PT-2025-26634 · Node.Js +2
Name of the Vulnerable Software and Affected Versions: pbkdf2 versions 3.0.10 through 3.1.2 Description: The issue is related to an Improper Input Validation vulnerability in pbkdf2, allowing Signature Spoofing by Improper Validation. This vulnerability is associated with program files...
CVE-2023-46133
CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a...