jsrsasign

opensource free pure JavaScript cryptographic library supports RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp and CAdES and JSON Web Signature(JWS)/Token(JWT)/Key(JWK)

Latest 11.1.3

NPM

90%

Total Score

Maintainer Stability

100

Dependencies

100

Maturity

100

Supply Chain

100

Attestations

Vulnerabilities

Title	Versions	Severity
AIKIDO-2026-10488 Pre-CVE Found by Aikido Intel before public disclosure or CVE publication. New jsrsasign is vulnerable to Denial of Service (DoS) in versions 6.1.2 - 11.1.1.	6.1.2 - 11.1.1	Medium
AIKIDO-2026-10490 Pre-CVE Found by Aikido Intel before public disclosure or CVE publication. New jsrsasign is vulnerable to Improper Verification of Cryptographic Signature in versions 7.1.0 - 11.1.1.	7.1.0 - 11.1.1	High
AIKIDO-2026-10489 Pre-CVE Found by Aikido Intel before public disclosure or CVE publication. New jsrsasign is vulnerable to Insecure Randomness in versions 4.1.2 - 11.1.1.	4.1.2 - 11.1.1	High
CVE-2026-4600 jsrsasign is vulnerable to Improper Verification of Cryptographic Signature in versions 0.0.0 - 11.1.1.	0.0.0 - 11.1.1	High
CVE-2026-4599 jsrsasign is vulnerable to Incomplete Comparison with Missing Factors in versions 7.0.0 - 11.1.1.	7.0.0 - 11.1.1	Critical