VYPR
Vendor

Bitcoinjs

Products
1
CVEs
2
Across products
2
Status
Private

Products

1

Recent CVEs

2
  • CVE-2024-49365HigJul 1, 2025
    risk 0.46cvss epss 0.00

    tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a malicious JSON-stringifyable message can be made passing on verify(), when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package.…

  • CVE-2024-49364HigJul 1, 2025
    risk 0.46cvss epss 0.00

    tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer…