CRITICAL9.8CVE-2020-14967RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign from 0, < 8.0.18
CRITICAL9.8CVE-2020-14968RSA-PSS signature validation vulnerability by prepending zeros in jsrsasign >= 3.0.0, < 8.0.17
CRITICAL9.1CVE-2026-4599jsrsasign: Incomplete Comparison Allows DSA Private Key Recovery via Biased Nonce Generation >= 7.0.0, < 11.1.1
CRITICAL9.1RSA signature validation vulnerability on maleable encoded message in jsrsasign
from 0, < 10.2.0
HIGH8.7jsrsasign: Missing cryptographic validation during DSA signing enables private key extraction
from 0, < 11.1.1
HIGH8.6JWS and JWT signature validation vulnerability with special characters
>= 4.8.0, < 10.5.25
HIGH7.5jsrsasign is vulnerable to DoS through Infinite Loop when processing zero or negative inputs
from 0, < 11.1.1
HIGH7.5jsrsasign: Negative Exponent Handling Leads to Signature Verification Bypass
from 0, < 11.1.1
HIGH7.5Marvin Attack of RSA and RSAOAEP decryption in jsrsasign
from 0, < 11.0.0
HIGH7.5ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign
>= 4.0.0, < 8.0.19
HIGH7.4jsrsasign: DSA signatures or X.509 certificates can be forged via DSA domain-parameter validation in KJUR.crypto.DSA.setPublic
from 0, < 11.1.1
MEDIUM5.9jsrsasign: Division by Zero Allows Invalid JWK Modulus to Cause Deterministic Zero Output in RSA Operations
from 0, < 11.1.1