`node-forge`

Ecosystem:
npm

Package URL:
pkg:npm/node-forge

Total PRs:
5,710 Dependabot PRs

Latest PR:
4 days ago

Unique Repositories:
4,647 repositories

Unique Repos (30 days):
24 repositories

Security Advisories

Forge has signature forgery in RSA-PKCS due to ASN.1 extra field

GHSA-ppp5-5v6c-4jwp CVE-2026-33894 HIGH published 3 months ago • updated about 13 hours ago

## Summary RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures b...

node-forge is vulnerable to ASN.1 OID Integer Truncation

GHSA-65ch-62r8-g69g CVE-2025-66030 MODERATE published 7 months ago • updated 1 day ago

### Summary **MITRE-Formatted CVE Description** An Integer Overflow (CWE-190) vulnerability in node-forge versions 1.3.1 and below enables remote,...

Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input

GHSA-5m6q-g25r-mvwx CVE-2026-33891 HIGH published 3 months ago • updated 7 days ago

## Summary A Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse() functio...

Improper Verification of Cryptographic Signature in node-forge

GHSA-x4jg-mjrx-434g CVE-2022-24772 HIGH published over 4 years ago • updated 7 days ago

### Impact RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. Thi...

node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization

GHSA-5gfm-wpxj-wjgq CVE-2025-12816 HIGH published 7 months ago • updated 2 days ago

### Summary CVE-2025-12816 has been reserved by CERT/CC **Description** An Interpretation Conflict (CWE-436) vulnerability in node-forge versions...

View all 15 advisories

Recent PRs (filtered by: Patch PRs )

RSS Feed Clear filter

Bump node-forge from 1.3.1 to 1.3.2

YunoHost/doc #2704

1.3.1 → 1.3.2 Patch PR

Open 7 months ago 1 comment

Bump node-forge from 1.3.1 to 1.3.2

chrissearle/www_cso #99

1.3.1 → 1.3.2 Patch PR

Open 7 months ago 2 comments

Bump node-forge from 1.3.1 to 1.3.2 in /functions

FirebaseExtended/reactfire #656

1.3.1 → 1.3.2 Patch PR

Closed 7 months ago 1 comment

Bump node-forge from 1.3.1 to 1.3.2

fjordllc/bootcamp #9326

1.3.1 → 1.3.2 Patch PR

Closed 7 months ago 2 comments

chore(deps): bump node-forge from 1.3.1 to 1.3.2

DanAtkinson/Fuskr #96

1.3.1 → 1.3.2 Patch PR

Closed 7 months ago 1 comment

Bump node-forge from 1.3.1 to 1.3.2

foliovision/fv-wordpress-flowplayer #525

1.3.1 → 1.3.2 Patch PR

Closed 7 months ago 1 comment

Bump node-forge from 1.3.1 to 1.3.2

shaykalyan/shaykalyan.github.io #24

1.3.1 → 1.3.2 Patch PR

Closed 7 months ago 1 comment

Bump node-forge from 1.3.1 to 1.3.2

sitespeedio/browsertime #2345

1.3.1 → 1.3.2 Patch PR

Closed 7 months ago 1 comment

Bump node-forge from 1.3.1 to 1.3.2

boston-library/Commonwealth-public-interface #154

1.3.1 → 1.3.2 Patch PR

Closed 7 months ago 1 comment

chore(deps): bump node-forge from 1.3.1 to 1.3.2

rossshannon/pincushion #50

1.3.1 → 1.3.2 Patch PR

Closed 7 months ago 2 comments

chore(deps-dev): Bump node-forge from 1.3.1 to 1.3.2

auth0/lock #2694

1.3.1 → 1.3.2 Patch PR

Open 7 months ago 2 comments

Bump node-forge from 1.3.1 to 1.3.2

quintel/documentation #274

1.3.1 → 1.3.2 Patch PR

Closed 7 months ago 1 comment

Bump node-forge from 1.3.1 to 1.3.2

jmaister/excellentexport #708

1.3.1 → 1.3.2 Patch PR

Closed 7 months ago 1 comment

Bump node-forge from 1.3.1 to 1.3.2

3liz/lizmap-web-client #6273

1.3.1 → 1.3.2 Patch PR

Open 7 months ago 1 comment

chore(deps-dev): bump node-forge from 1.3.1 to 1.3.2

linkeddata/rdflib.js #723

1.3.1 → 1.3.2 Patch PR

Closed 7 months ago 1 comment

Bump node-forge from 1.3.1 to 1.3.2

AfterShip/phone #444

1.3.1 → 1.3.2 Patch PR

Closed 7 months ago 1 comment

Bump node-forge from 1.3.1 to 1.3.2

ruby-china/homeland #1483

1.3.1 → 1.3.2 Patch PR

Closed 7 months ago 1 comment

Bump node-forge from 1.3.1 to 1.3.2

joomla/framework.joomla.org #159

1.3.1 → 1.3.2 Patch PR

Closed 7 months ago 2 comments

build(deps-dev): bump node-forge from 1.3.1 to 1.3.2

brief-rss/brief #570

1.3.1 → 1.3.2 Patch PR

Closed 7 months ago 2 comments

Bump node-forge from 1.3.1 to 1.3.2

quintel/etmodel #4598

1.3.1 → 1.3.2 Patch PR

Closed 7 months ago 2 comments

Bump node-forge from 1.3.1 to 1.3.2 in /Open-ILS/src/eg2

evergreen-library-system/Evergreen #386

1.3.1 → 1.3.2 Patch PR

Closed 7 months ago 1 comment

Bump node-forge from 1.3.1 to 1.3.2 in /src/Raven.Studio

ravendb/ravendb #21861

1.3.1 → 1.3.2 Patch PR

Open 7 months ago 1 comment

Bump node-forge from 1.3.1 to 1.3.2

pods-framework/pods #7469

1.3.1 → 1.3.2 Patch PR

Closed 7 months ago 1 comment

chore(deps): bump the npm_and_yarn group across 4 directories with 32 updates

hashim21223445/cypress #15

1.3.0 → 1.3.1 Patch PR

Open 10 months ago

Bump the patch-dependencies group with 2 updates

heroku/heroku-exec-util #47

1.3.0 → 1.3.1 Patch PR

Open 10 months ago

Bump the npm_and_yarn group across 1 directory with 10 updates

mybusybee-inc/open-gsa-redesign #2

1.3.0 → 1.3.1 Patch PR

Open 11 months ago

Package Details

Name:	`node-forge`
Ecosystem:	npm
PURL Type:	npm
Package URL:	`pkg:npm/node-forge`
JSON API:	View JSON

Security Advisories

15

Active advisories

HIGH 9

MODERATE 3

LOW 3

View All npm Advisories

Package Information

Description:

JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.

Repository:	https://github.com/digitalbazaar/forge
Homepage:	https://github.com/digitalbazaar/forge
Latest Release:	`1.3.1` about 4 years ago
Dependent Repos:	3,039,204
Dependent Packages:	2,329
Downloads:	99,242,131
Ranking:	Top 0.0058% by dependent repos Top 0.0211% by downloads Top 0.0344% by dependent pkgs

PR Status

Open 2,968 (52.0%)

Merged 58 (1.0%)

Closed 2,659 (46.6%)

PR Types

Major 1,167 (20.4%)

Minor 1,539 (27.0%)

Patch 2,926 (51.3%)

Removal 43 (0.8%)