Com.nimbusds:nimbus-jose-jwt
This hub aggregates every CVE we track for Com.nimbusds:nimbus-jose-jwt, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
6
CVEs tracked
1
Critical
3
High
0
In CISA KEV
Severity distribution
HIGH3LOW1MEDIUM1CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 6 most recently published vulnerabilities affecting Com.nimbusds:nimbus-jose-jwt.
- CVE-2025-53864Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because...5.8
- CVE-2023-52428In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (...7.5
- CVE-2019-17195Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authen...9.8
- CVE-2017-12973Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.3.1
- CVE-2017-12972In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Aut...7.5
- CVE-2017-12974Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Atta...7.5
Product normalization is registry-driven with AI assist and human review. How it works