node forge
About this tag
Node Forge is a popular JavaScript cryptography library used for SSL/TLS, X.509 certificates, and ASN.1 parsing. Recent discussions on WindowsForum highlight three critical vulnerabilities patched in version 1.3.2: CVE-2025-12816, an ASN.1 validation bypass that desynchronizes the library's validator and lets attackers bypass cryptographic checks; CVE-2025-66031, a denial-of-service flaw exploiting unbounded ASN.1 recursion to crash Node.js processes; and CVE-2025-66030, an OID parsing issue where integer truncation allows OID spoofing. These threads cover patch details, supply-chain risks, and remediation steps for developers and IT teams using Node Forge in their applications.
A critical interpretation‑conflict flaw in the widely used JavaScript cryptography library node‑forge lets attackers craft malicious ASN.1 objects that desynchronize the library’s ASN.1 validator and bypass downstream cryptographic checks — a vulnerability tracked as CVE‑2025‑12816 that has been...
A newly disclosed high‑severity vulnerability in the popular JavaScript cryptography library node‑forge (tracked as CVE‑2025‑66031) enables unbounded ASN.1 recursion that can be trivially abused to crash Node.js processes parsing untrusted DER inputs — and the fix landed quickly in node‑forge...
A recently disclosed vulnerability in the widely used JavaScript cryptography library node-forge—tracked as CVE-2025-66030—allows specially crafted ASN.1 Object Identifier (OID) values to be mis-parsed due to integer truncation, letting an attacker spoof OIDs and potentially bypass downstream...