vulnerability in javascript-datastructures-algorithms

While working on javascript-datastructures-algorithms project, I found a vulnerability in the cipher-base package [CVE-2025-9287](https://vulert.com/vuln-db/CVE-2025-9287) (used by javascript-datastructures-algorithms project). This issue is caused by missing input type checks in the create-hash polyfill of Node.js createHash, which can allow hash state rewinding, leading to collisions, DoS, or even private key extraction in cryptographic libraries.

[CVE Link](https://vulert.com/vuln-db/CVE-2025-9287) 
[CVE Report](https://vulert.com/vuln-scan/list/c7caa51d-f940-440b-b05c-861cb955e5ae?sort_order=desc&sort_by=created_at)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

vulnerability in javascript-datastructures-algorithms #235

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

vulnerability in javascript-datastructures-algorithms #235

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions