diff --git a/javascript/ql/lib/change-notes/2023-04-13-Forge-truncated-sha512-hash b/javascript/ql/lib/change-notes/2023-04-13-Forge-truncated-sha512-hash
new file mode 100644
index 00000000000..391b0bb7109
--- /dev/null
+++ b/javascript/ql/lib/change-notes/2023-04-13-Forge-truncated-sha512-hash
@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+* The Forge module in `CryptoLibraries.qll` now correctly classifies SHA-512/224,
+* SHA-512/256, and SHA-512/384 hashes used in message digests as NonKeyCiphers.
\ No newline at end of file
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/CryptoLibraries.qll b/javascript/ql/lib/semmle/javascript/frameworks/CryptoLibraries.qll
index 2fab10eacac..00332b6530e 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/CryptoLibraries.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/CryptoLibraries.qll
@@ -627,6 +627,10 @@ private module Forge {
         // require("forge").md.md5.create().update('The quick brown fox jumps over the lazy dog');
         this = getAnImportNode().getMember("md").getMember(algorithmName).getMember("create").getACall()
+        or
+        // require("forge").sha512.sha256.create().update('The quick brown fox jumps over the lazy dog');
+        this =
+          getAnImportNode().getMember("md").getMember(algorithmName).getAMember().getMember("create").getACall()
       )
     }
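Review bot: The `getAMember()` step in the added `this = ...` disjunct is unconstrained, so `md.sha512.sha256.create()` is matched with `algorithmName` bound to `"sha512"` — the truncated variant is classified as plain SHA-512 rather than SHA-512/256, and an unrelated chain such as `md.md5.<anything>.create()` satisfies the predicate just as well. If downstream queries care about the exact variant, narrow the step to the names Forge actually exposes there, e.g. `getMember(["sha224", "sha256", "sha384"])` in place of `getAMember()`; if the coarser classification is intentional, a one-line comment saying the truncation suffix is deliberately folded into SHA-512 would stop the next reader from "fixing" it. The example comment on the new disjunct also omits the `md` step that the code matches; it should read `// require("forge").md.sha512.sha256.create().update('The quick brown fox jumps over the lazy dog');`. The enclosing `exists` and its predicate begin above the hunk, and the hunk header counts more context lines than are visible here, so the tail of the hunk may be truncated in this view.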