All 9 CVE vulnerabilities found in forge, with AI-generated Chinese analysis, references, and POCs.
Vendor: digitalbazaar

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-33896 | Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation) | CWE-295 | 7.4 | High | 2026-03-27 |
| CVE-2026-33895 | Forge has signature forgery in Ed25519 due to missing S > L check | CWE-347 | 7.5 | High | 2026-03-27 |
| CVE-2026-33894 | Forge has signature forgery in RSA-PKCS due to ASN.1 extra field | CWE-347 | 7.5 | High | 2026-03-27 |
| CVE-2026-33891 | Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input | CWE-835 | 7.5 | High | 2026-03-27 |
| CVE-2025-66030 | node-forge ASN.1 OID Integer Truncation | CWE-190 | 9.1 (AI) | Critical (AI) | 2025-11-26 |
| CVE-2025-66031 | node-forge ASN.1 Unbounded Recursion | CWE-674 | 7.5 (AI) | High (AI) | 2025-11-26 |
| CVE-2022-24772 | Improper Verification of Cryptographic Signature in `node-forge` | CWE-347 | 7.5 | High | 2022-03-18 |
| CVE-2022-24773 | Improper Verification of Cryptographic Signature in `node-forge` | CWE-347 | 5.3 | Medium | 2022-03-18 |
| CVE-2022-24771 | Improper Verification of Cryptographic Signature in node-forge | CWE-347 | 7.5 | High | 2022-03-18 |