jsrsasign

opensource free pure JavaScript cryptographic library supports RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp and CAdES and JSON Web Signature(JWS)/Token(JWT)/Key(JWK)

Latest 11.1.3

NPM

90%

Total Score

Maintainer Stability

100

Dependencies

100

Maturity

100

Supply Chain

100

Attestations

Are you affected? Scan for Free

Vulnerabilities

Title	Versions	Severity
AIKIDO-2026-10527 Pre-CVE Found by Aikido Intel before public disclosure or CVE publication. jsrsasign is vulnerable to Observable Timing Discrepancy in versions 4.10.0 - 11.1.2.	4.10.0 - 11.1.2	Low
AIKIDO-2026-10488 Pre-CVE Found by Aikido Intel before public disclosure or CVE publication. jsrsasign is vulnerable to Denial of Service (DoS) in versions 6.1.2 - 11.1.1.	6.1.2 - 11.1.1	Medium
AIKIDO-2026-10490 Pre-CVE Found by Aikido Intel before public disclosure or CVE publication. jsrsasign is vulnerable to Improper Verification of Cryptographic Signature in versions 7.1.0 - 11.1.1.	7.1.0 - 11.1.1	High
AIKIDO-2026-10489 Pre-CVE Found by Aikido Intel before public disclosure or CVE publication. jsrsasign is vulnerable to Insecure Randomness in versions 4.1.2 - 11.1.1.	4.1.2 - 11.1.1	High
CVE-2026-4600 jsrsasign is vulnerable to Improper Verification of Cryptographic Signature in versions 0.0.0 - 11.1.1.	0.0.0 - 11.1.1	High