Skip to content
QuantumScanPublic scan report

Repository

mscdex/ssh2

Scanned on May 13, 2026

87

Risk score/ 100

Critical risk

Summary

The ssh2 library contains 22 critical and 53 high-severity post-quantum cryptography vulnerabilities across 9 files. Core cryptographic protocols rely on quantum-vulnerable algorithms including RSA-2048, ECDSA, SHA-1 based key exchange, and legacy ciphers that will be broken by quantum computers. Immediate migration planning is required for regulatory compliance and long-term security.

Critical

22

High

53

Medium

6

Low

1

Top findings

  • CriticalNullCipher

    test/test-protocol-crypto.js:10

  • CriticalSHA-1

    lib/protocol/constants.js:57

    SHA-256 or SHA3-256

  • CriticalRSA key ≤ 2048 bits

    test/test-keygen.js:25

  • CriticalSHA-1

    lib/protocol/constants.js:59

    SHA-256 or SHA3-256

  • CriticalSHA-1

    lib/protocol/constants.js:135

    SHA-256 or SHA3-256

+ 77 more findings in the full report

Scan your own repository

Free. Results in ~90 seconds. CBOM + DORA/NIS2 PDF included.

Start a free scan