Browserify
Products
4Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-6547 | Cri | 0.52 | — | 0.00 | Jun 23, 2025 | Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2: <=3.1.2. | ||
| CVE-2025-6545 | Cri | 0.52 | — | 0.00 | Jun 23, 2025 | Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2. | ||
| CVE-2025-9288 | 0.00 | — | 0.01 | Aug 20, 2025 | Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11. | |||
| CVE-2025-9287 | 0.00 | — | 0.00 | Aug 20, 2025 | Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4. | |||
| CVE-2023-46234 | 0.00 | — | 0.01 | Oct 26, 2023 | browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be… |
- risk 0.52cvss —epss 0.00
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2: <=3.1.2.
- risk 0.52cvss —epss 0.00
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2.
- CVE-2025-9288Aug 20, 2025risk 0.00cvss —epss 0.01
Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11.
- CVE-2025-9287Aug 20, 2025risk 0.00cvss —epss 0.00
Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4.
- CVE-2023-46234Oct 26, 2023risk 0.00cvss —epss 0.01
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be…