sm-crypto

npm2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting sm-cryptopage 1 of 1

CVE-2026-23965HIGHCVSS 7.5EG 7.5✓ Fixed in 0.4.0
2026-01-22
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto prior to version 0.4.0. Under default co…
CVE-2026-23966CRITICALCVSS 9.1EG 9.1✓ Fixed in 0.3.14
2026-01-22
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the …

Check whether sm-crypto is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for sm-crypto CVEs against the assets you own.

Start Free Scan →