Please report security issues to security@digitalbazaar.com.
Security: digitalbazaar/forge
Security
SECURITY.md
-
basicConstraints bypass in certificate chain verification (RFC 5280 violation)GHSA-2328-f5f3-gj25 published
Mar 24, 2026 by davidlehnHigh -
Signature forgery in Ed25519 due to missing S < L checkGHSA-q67f-28xg-22rw published
Mar 24, 2026 by davidlehnHigh -
Signature forgery in RSA-PKCS due to ASN.1 extra fieldGHSA-ppp5-5v6c-4jwp published
Mar 24, 2026 by davidlehnHigh -
Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero InputGHSA-5m6q-g25r-mvwx published
Mar 24, 2026 by davidlehnHigh -
node-forge ASN.1 OID Integer TruncationGHSA-65ch-62r8-g69g published
Nov 25, 2025 by davidlehnModerate -
node-forge ASN.1 Unbounded RecursionGHSA-554w-wpv2-vw27 published
Nov 25, 2025 by davidlehnHigh -
node-forge ASN.1 Validator DesynchronizationGHSA-5gfm-wpxj-wjgq published
Nov 25, 2025 by davidlehnHigh -
RSA PKCS#1 v1.5 signature verification failing to check tailing garbage bytes can lead to signature forgery.GHSA-x4jg-mjrx-434g published
Mar 17, 2022 by davidlehnHigh -
RSA PKCS#1 v1.5 signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery.GHSA-cfm4-qjh2-4765 published
Mar 17, 2022 by davidlehnHigh -
RSA PKCS#1 v1.5 signature verification leniency in checking `DigestInfo` structure.GHSA-2r2c-g63r-vccr published
Mar 17, 2022 by davidlehnModerate
Learn more about advisories related to digitalbazaar/forge in the GitHub Advisory Database