Jsonwebtoken
This hub aggregates every CVE we track for Jsonwebtoken, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 5
- Critical: 1
- High: 1
- In CISA KEV: 0
Severity distribution
- Medium: 3
- High: 1
- Critical: 1
Monthly trend
[Chart: monthly CVE counts, 2024-07 to 2026-06]
Latest CVEs
The 5 most recently published vulnerabilities affecting Jsonwebtoken.
- CVE-2026-25537: jsonwebtoken has Type Confusion that leads to potential authorization bypass (score 7.5)
- CVE-2022-23539: jsonwebtoken unrestricted key type could lead to legacy keys usage (score 5.9)
- CVE-2022-23540: jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() (score 6.4)
- CVE-2022-23541: jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC (score 5.0)
- CVE-2015-9235: In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the atta... (score 9.8)
Product normalization is registry-driven with AI assist and human review.