Security Overview · bitcoinjs/tiny-secp256k1 · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

verify() bypass when running in bundled environment
GHSA-5vhg-9xg4-cv9m published Jun 29, 2025 by junderw

Critical
Private key extraction when signing a malicious JSON-stringifyable message in bundled environment
GHSA-7mc2-6phr-23xc published Jun 29, 2025 by junderw

Critical

Learn more about advisories related to bitcoinjs/tiny-secp256k1 in the GitHub Advisory Database