Components
Vulnerabilities
Pricing
MCP
API
Docs
Sign up
Login
bcic-digital-envelope 1.0.7 | Vulnerabilit… | Sonatype Guide
npm
bcic-digital-envelope
1.0.7
bcic-digital-envelope 1.0.7
Published
Jun 12, 2023
•
Policy
compliance
npm Registry
Developer Trust Score
N/A
Recommended Version:
x.y.z
Latest version with 0 known vulnerabilities that meets your policy.
Compare Versions
Overview
Overview
Versions
18
Versions
18
Vulnerabilities
1
Vulnerabilities
1
Dependencies
4
Dependencies
4
Reset filters
Severity
Critical
(0)
High
(1)
Medium
(0)
Low
(0)
CVSS Score
0.0
10.0
EPSS Score
0.0
1.0
Malware
KEV Status
Published
Filter
Sort: Published (Newest first)
8.7
CVE-2026-23965
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto prior to version 0.4.0. Under default configurations, an attacker can forge valid signatures for arbitrary public keys. If the message space contains sufficient redundancy, the attacker can fix the prefix of the message associated with the forged signature to satisfy specific formatting requirements. Version 0.4.0 patches the issue.
affected
Severity
High
Published
Jan 22, 2026
