QuantumScan
mscdex/ssh2
The ssh2 library contains 22 critical and 53 high-severity post-quantum cryptography vulnerabilities across 9 files. Core cryptographic protocols rely on quantum-vulnerable algorithms including RSA-2048, ECDSA, SHA-1 based key exchange, and legacy ciphers that will be broken by quantum computers. Immediate migration planning is required for regulatory compliance and long-term security.
| File | Algorithm | Severity |
|---|---|---|
| lib/protocol/constants.js:57 | SHA-1 | critical |
| lib/protocol/constants.js:59 | SHA-1 | critical |
| lib/protocol/constants.js:135 | SHA-1 | critical |
| lib/protocol/constants.js:138 | MD5 | critical |
| lib/protocol/constants.js:142 | SHA-1 | critical |
| lib/protocol/constants.js:143 | MD5 | critical |
| lib/protocol/constants.js:112 | 3DES / TripleDES | critical |
| lib/protocol/constants.js:60 | SHA-1 | critical |
| test/test-keygen.js:25 | RSA key ≤ 2048 bits | critical |
| test/test-keygen.js:31 | RSA key ≤ 2048 bits | critical |
Anyone with this link can view the risk score and top findings — no sign-in required. Source code stays private.
https://quantumscan.io/en/share/5ccf92e3-93bb-4279-888f-5e51e3fd3d3fShow your project's post-quantum readiness in the README. The badge updates automatically after every new scan.
Preview
[](https://github.com/mscdex/ssh2)<a href="https://github.com/mscdex/ssh2"><img src="https://quantumscan.io/api/badge/mscdex/ssh2.svg" alt="Post-Quantum Readiness" /></a>Add badge to your README
Show your quantum-safety score directly on GitHub.
[](https://quantumscan.io/en/scan/5ccf92e3-93bb-4279-888f-5e51e3fd3d3f)Save your results & track future changes
Create a free account to get drift alerts, compliance PDF exports, and scan history.
- Weekly drift alerts when new vulnerabilities appear
- Track risk score over time across all your repos
- Export DORA / NIS2 compliance PDF for auditors
Free forever for design partners · No credit card