Node-forge developers security patch release for CVE-2025-12816
Security Patch Release
Summary
Hide ▲
Show ▼
The node-forge maintainers released version 1.3.2 to close CVE-2025-12816, reducing the risk of signature-verification bypass in applications that rely on the library's ASN.1 checks. The fix matters because versions 1.3.1 and earlier can accept malformed data that appears valid, undermining authentication and signed-data trust decisions. Developers are being told to upgrade immediately to the patched release.
Related Happenings
GitHub npm version 12 hardens installs and token management
Security Tool/Service
H score11
First: 09.07.2026 19:49
Last: 09.07.2026 19:49
Sources 1
About this happening:
**GitHub** released **npm version 12**, making install-time scripts opt-in by default and tightening **package publishing** controls to reduce **supply-chain risk**. The update al...
GitHub npm version 12 hardens installs and token management
Security Tool/ServiceAbout this happening: **GitHub** released **npm version 12**, making install-time scripts opt-in by default and tightening **package publishing** controls to reduce **supply-chain risk**. The update al...
Gitea Docker images security update (CVE-2026-20896)
Security Patch Release
H score51
First: 06.07.2026 19:28
Last: 06.07.2026 19:28
Sources 1
About this happening:
Gitea released **version 1.26.3** to fix **CVE-2026-20896**, closing a critical authentication-bypass risk in **Gitea Docker images**. The update removed the default **"*"** wildc...
Gitea Docker images security update (CVE-2026-20896)
Security Patch ReleaseAbout this happening: Gitea released **version 1.26.3** to fix **CVE-2026-20896**, closing a critical authentication-bypass risk in **Gitea Docker images**. The update removed the default **"*"** wildc...
Squid web proxy patch for CVE-2026-47729
Security Patch Release
H score20
First: 22.06.2026 17:29
Last: 22.06.2026 17:29
Sources 1
About this happening:
**Squid maintainers** merged a **null-terminator check** for **CVE-2026-47729** into the **development branch** and **v7**, closing the FTP-parser over-read that could expose shar...
Squid web proxy patch for CVE-2026-47729
Security Patch ReleaseAbout this happening: **Squid maintainers** merged a **null-terminator check** for **CVE-2026-47729** into the **development branch** and **v7**, closing the FTP-parser over-read that could expose shar...
Google Vertex AI SDK for Python security patch release (1.144.0–1.148.0)
Security Patch Release
H score15
First: 16.06.2026 22:05
Last: 16.06.2026 22:05
Sources 1
About this happening:
Google released staged fixes for **Google Cloud Vertex AI SDK for Python**, closing a **bucket-squatting** path that could hijack model uploads and enable code execution in Google...
Google Vertex AI SDK for Python security patch release (1.144.0–1.148.0)
Security Patch ReleaseAbout this happening: Google released staged fixes for **Google Cloud Vertex AI SDK for Python**, closing a **bucket-squatting** path that could hijack model uploads and enable code execution in Google...
Ivanti security patch release for CVE-2026-8043
Security Patch Release
H score25
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Ivanti security patch release for CVE-2026-8043
Security Patch ReleaseAbout this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Timeline
-
26.11.2025 21:32 2 articles · 7mo ago
node-forge 1.3.2 patch release for CVE-2025-12816
Mitigation Patch Updatenode-forge maintainers released version 1.3.2 to fix CVE-2025-12816, an ASN.1 interpretation-conflict flaw in versions 1.3.1 and earlier that could let unauthenticated attackers craft malformed data to bypass cryptographic verification. Developers using node-forge were advised to upgrade to the patched release as soon as possible.
Show sources
- Popular Forge library gets fix for signature verification bypass flaw — www.bleepingcomputer.com — 26.11.2025 21:32
- Popular Forge library gets fix for signature verification bypass flaw — www.bleepingcomputer.com — 26.11.2025 21:32