Jose
This hub aggregates every CVE we track for Jose, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
7
CVEs tracked
0
Critical
2
High
0
In CISA KEV
Severity distribution
MEDIUM5HIGH2
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
2024-072026-06
Latest CVEs
The 7 most recently published vulnerabilities affecting Jose.
- CVE-2026-34240jose vulnerable to untrusted JWK header key acceptance during signature verification7.5
- CVE-2023-50967latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.7.5
- CVE-2023-50966erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.5.3
- CVE-2024-28176jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext4.9
- CVE-2022-36083JOSE vulnerable to resource exhaustion via specifically crafted JWE5.3
- CVE-2021-29444Padding Oracle Attack due to Observable Timing Discrepancy in jose-browser-runtime5.9
- CVE-2021-29443Padding Oracle Attack due to Observable Timing Discrepancy in jose5.9
Product normalization is registry-driven with AI assist and human review. How it works