Every CVE whose affected-product data names Kjur Jsrsasign, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2020-14968 — CVSS 9.8 (critical): An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect…
CVE-2020-14967 — CVSS 9.8 (critical): An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect…
CVE-2026-4599 — CVSS 9.1 (critical): Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the…
CVE-2021-30246 — CVSS 9.1 (critical): In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE…
CVE-2026-4601 — CVSS 8.7 (high): Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash…
CVE-2022-25898 — CVSS 7.7 (high): The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non…
CVE-2020-14966 — CVSS 7.5 (high): An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking…
CVE-2024-21484 — CVSS 7.5 (high): Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process…
CVE-2026-4598 — CVSS 7.5 (high): Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the…
CVE-2026-4602 — CVSS 7.5 (high): Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative…
CVE-2026-4600 — CVSS 7.4 (high): Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA…
CVE-2026-4603 — CVSS 5.9 (medium): Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in…