xml-crypto (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package xml-crypto, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2024-32962 — CVSS 10.0 (critical): xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check…
CVE-2025-29774: xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions…
CVE-2025-29775: xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions…