-
Notifications
You must be signed in to change notification settings - Fork 8
Expand file tree
/
Copy path.nsprc
More file actions
10 lines (10 loc) · 787 Bytes
/
.nsprc
File metadata and controls
10 lines (10 loc) · 787 Bytes
1
2
3
4
5
6
7
8
9
10
{
"GHSA-848j-6mx2-7j84": {
"notes": "CVE-2025-14505: elliptic ECDSA signature corruption can lead to private key recovery if attacker obtains both faulty and correct signatures for identical inputs. Accepted risk: dev-only transitive dependency (node-stdlib-browser -> crypto-browserify -> browserify-sign), not used for signing in this project, no fix available.",
"expiry": "2026-08-15"
},
"GHSA-vpq2-c234-7xj6": {
"notes": "CVE-2026-3449: @tootallnate/once promise hangs on AbortSignal abort (CVSS 1.9, availability only). Transitive dep via http-proxy-agent in dev-only packages (test-electron, jsdom) and BigQuery driver; worst case is a single stalled HTTP proxy request, no data leak or code execution.",
"expiry": "2026-09-17"
}
}