VYPR

sjcl

by sjcl

npm: sjcl

Source repositories

CVEs (1)

  • CVE-2026-4258HigMar 17, 2026
    risk 0.42cvss 7.5epss 0.00

    All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and…