← Back

Browserify

browserify

3 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Browserify Sign
browserify-sign
1 CVE
Cipher Base
cipher-base
1 CVE
Sha.js
sha.js
1 CVE

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-9288
1Browserify
1Sha.js
Nov 3, 2025
Aug 20, 2025
9.1 CRITICAL· v4
9.1 CRITICAL· v3
N/A· v2
Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11.
CVE-2025-9287
1Browserify
1Cipher Base
Nov 3, 2025
Aug 20, 2025
9.1 CRITICAL· v4
9.1 CRITICAL· v3
N/A· v2
Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4.
CVE-2023-46234
2Browserify
Debian
2Browserify Sign
Debian Linux
Apr 10, 2025
Oct 26, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allow...Show more
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.Show less