kjur security advisories
4 threat alerts tracking vulnerabilities and security advisories that affect kjur products.
Vulnios monitors kjur CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent kjur security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2021-30246 — kjur — jsrsasign
In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack.
criticalCVE-2021-30246Critical Vulnerability: CVE-2026-4599 — kjur — jsrsasign
Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functio
criticalCVE-2026-4599Critical Vulnerability: CVE-2020-14967 — kjur, netapp — jsrsasign, max_data
An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts
criticalCVE-2020-14967Critical Vulnerability: CVE-2020-14968 — kjur, netapp — jsrsasign, max_data
An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a si
criticalCVE-2020-14968
Track kjur exposure across your environment
Vulnios automatically cross-references your asset inventory against new kjur CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan