indutny CVE Vulnerabilities & Metrics

Focus on indutny vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About indutny Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with indutny. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total indutny CVEs: 3
Earliest CVE date: 04 Jun 2020, 15:15 UTC
Latest CVE date: 10 Oct 2024, 01:15 UTC

Latest CVE reference: CVE-2024-48949

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical indutny CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.7

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	1
4.0-6.9	2
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS indutny CVEs

These are the five CVEs with the highest CVSS scores for indutny, sorted by severity first and recency.

CVE-2020-13822 indutny Published on 04 Jun 2020, 15:15 UTC (CVSS: 6.8)
The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
CVE-2020-28498 indutny Published on 02 Feb 2021, 19:15 UTC (CVSS: 4.3)
The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed.
CVE-2024-48949 indutny Published on 10 Oct 2024, 01:15 UTC (CVSS: 0)
The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation.

All CVEs for indutny

CVE-2024-48949 indutny vulnerability CVSS: 0 10 Oct 2024, 01:15 UTC

The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation.

CVE-2020-28498 indutny vulnerability CVSS: 4.3 02 Feb 2021, 19:15 UTC

The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed.

CVE-2020-13822 indutny vulnerability CVSS: 6.8 04 Jun 2020, 15:15 UTC

The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.