Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openpgpjs openpgpjs vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-9153
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an malicious user to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature.
Openpgpjs Openpgpjs
1 Github repository
5.9
CVSSv3
CVE-2019-9155
A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key.
Openpgpjs Openpgpjs
7.5
CVSSv3
CVE-2019-9154
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an malicious user to pass off unsigned data as signed.
Openpgpjs Openpgpjs
7.5
CVSSv3
CVE-2015-8013
s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote malicious users to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message.
Openpgpjs Openpgpjs
4.3
CVSSv3
CVE-2023-41037
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header...
Openpgpjs Openpgpjs
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started