Digitalbazaar Forge
By the Year
In 2026 there have been 4 vulnerabilities in Digitalbazaar Forge with an average score of 7.5 out of ten. Last year, in 2025, Forge had 2 security vulnerabilities published. That is, 2 more vulnerabilities have already been reported in 2026 than in all of last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 4 | 7.48 |
| 2025 | 2 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 4 | 6.60 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 9.80 |
It may take a day or so for new Forge vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Digitalbazaar Forge Security Vulnerabilities
node-forge < 1.4.0: VerifyCertificateChain Allows Non-CA Certs
CVE-2026-33896
7.4 - High
- March 27, 2026
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, `pki.verifyCertificateChain()` does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the `basicConstraints` and `keyUsage` extensions. This allows any leaf certificate (without these extensions) to act as a CA and sign other certificates, which node-forge will accept as valid. Version 1.4.0 patches the issue.
Improper Certificate Validation
node-forge <=1.3 Ed25519 Sig Verify Malleability flaw
CVE-2026-33895
7.5 - High
- March 27, 2026
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (`S >= L`). A valid signature and its `S + L` variant both verify in forge, while Node.js `crypto.verify` (OpenSSL-backed) rejects the `S + L` variant, as defined by the specification. This class of signature malleability has been exploited in practice to bypass authentication and authorization logic (see CVE-2026-25793, CVE-2022-35961). Applications relying on signature uniqueness (i.e., dedup by signature bytes, replay tracking, signed-object canonicalization checks) may be bypassed. Version 1.4.0 patches the issue.
Improper Verification of Cryptographic Signature
Forge (node-forge) RSASSA PKCS#1 v1.5 forgery e=3 v<1.4
CVE-2026-33894
7.5 - High
- March 27, 2026
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing garbage bytes within the ASN.1 structure in order to construct a signature that passes verification, enabling Bleichenbacher-style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an additional field within the ASN.1 structure, rather than outside of it. Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries. Version 1.4.0 patches the issue.
Improper Verification of Cryptographic Signature
node-forge <1.4.0: DoS via Infinite Loop in modInverse()
CVE-2026-33891
7.5 - High
- March 27, 2026
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU. Version 1.4.0 patches the issue.
Infinite Loop
Integer Overflow in node-forge 1.3.1 Enables OID Bypass
CVE-2025-66030
- November 26, 2025
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Integer Overflow or Wraparound
Uncontrolled Recursion DoS in node-forge <1.3.2 (ASN.1 Parsing)
CVE-2025-66031
- November 26, 2025
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Stack Exhaustion
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript
CVE-2022-24773
5.3 - Medium
- March 18, 2022
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not properly check `DigestInfo` for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.
Improper Verification of Cryptographic Signature
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript
CVE-2022-24772
7.5 - High
- March 18, 2022
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for trailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.
Improper Verification of Cryptographic Signature
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript
CVE-2022-24771
7.5 - High
- March 18, 2022
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses an unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.
Improper Verification of Cryptographic Signature
forge is vulnerable to URL Redirection to Untrusted Site
CVE-2022-0122
6.1 - Medium
- January 06, 2022
forge is vulnerable to URL Redirection to Untrusted Site
Open Redirect
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function
CVE-2020-7720
9.8 - Critical
- September 01, 2020
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.