xml-crypto

npm3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting xml-cryptopage 1 of 1

CVE-2024-32962CRITICALCVSS 10.0EG 10.0✓ Fixed in 6.0.0
2024-05-02
xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of the w3 …
CVE-2025-29774CRITICALCVSS 9.3EG 0.0✓ Fixed in 2.1.6
2025-03-14
xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that…
CVE-2025-29775CRITICALCVSS 9.3EG 0.0✓ Fixed in 2.1.6
2025-03-14
xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that…

Check whether xml-crypto is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for xml-crypto CVEs against the assets you own.

Start Free Scan →