Vulnerability	Vulnerable Version
H Improper Verification of Cryptographic Signature sm-crypto is a sm-crypto Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the SM2 signature verification process. An attacker can bypass signature validation by forging signatures for arbitrary public keys. How to fix Improper Verification of Cryptographic Signature? Upgrade `sm-crypto` to version 0.4.0 or higher.	<0.4.0
C Insufficient Verification of Data Authenticity sm-crypto is a sm-crypto Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the SM2 decryption logic. An attacker can recover sensitive private key material by repeatedly interacting with the decryption interface. How to fix Insufficient Verification of Data Authenticity? Upgrade `sm-crypto` to version 0.3.14 or higher.	<0.3.14
H Improper Verification of Cryptographic Signature sm-crypto is a sm-crypto Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the `SM2 signature verification` process. An attacker can create a new valid signature for a previously signed message by manipulating an existing signature. How to fix Improper Verification of Cryptographic Signature? Upgrade `sm-crypto` to version 0.3.14 or higher.	<0.3.14

Go back to all versions of this package