Every CVE whose affected-product data names Digitalbazaar Forge, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2020-7720 — CVSS 9.8 (critical): The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking…
CVE-2025-12816 — CVSS 8.6 (high): An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft…
CVE-2022-24772 — CVSS 7.5 (high): Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1…
CVE-2026-33895 — CVSS 7.5 (high): Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519…
CVE-2026-33894 — CVSS 7.5 (high): Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA…
CVE-2026-33891 — CVSS 7.5 (high): Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of…
CVE-2025-66031 — CVSS 7.5 (high): Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion…
CVE-2022-24771 — CVSS 7.5 (high): Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1…
CVE-2026-33896 — CVSS 7.4 (high): Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0…
CVE-2025-66030 — CVSS 5.3 (medium): Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in…
CVE-2022-24773 — CVSS 5.3 (medium): Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1…