Browse all 6 CVE security advisories affecting panva. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Panva develops cryptographic libraries for Node.js, primarily enabling secure TLS/SSL implementations. Historically, its vulnerabilities have commonly included remote code execution flaws, cross-site scripting issues, and privilege escalation weaknesses. The project has demonstrated a pattern of security concerns, with six CVEs recorded to date, often stemming from input validation failures and improper handling of cryptographic operations. While no major public security incidents have been widely documented, the consistent occurrence of vulnerabilities in critical security components suggests ongoing challenges in maintaining robust cryptographic implementations within the Node.js ecosystem.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-28176 | jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext — joseCWE-400 | 4.9 | Medium | 2024-03-09 |
| CVE-2022-36083 | JOSE vulnerable to resource exhaustion via specifically crafted JWE — joseCWE-400 | 5.3 | Medium | 2022-09-07 |
| CVE-2021-29446 | Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime — jose-node-cjs-runtimeCWE-203 | 5.9 | Medium | 2021-04-16 |
| CVE-2021-29445 | Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime — jose-node-esm-runtimeCWE-203 | 5.9 | Medium | 2021-04-16 |
| CVE-2021-29444 | Padding Oracle Attack due to Observable Timing Discrepancy in jose-browser-runtime — joseCWE-203 | 5.9 | Medium | 2021-04-16 |
| CVE-2021-29443 | Padding Oracle Attack due to Observable Timing Discrepancy in jose — joseCWE-203 | 5.9 | Medium | 2021-04-16 |
This page lists every published CVE security advisory associated with panva. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.