Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

52007 matches found

OSV
OSVadded 2026/05/28 4:16 p.m.3 views

DEBIAN-CVE-2026-48523

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.00014EPSS
Exploits1References1
PyPA
PyPAadded 2026/05/28 4:16 p.m.5 views

PYSEC-2026-177

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.getsigningkey forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...

3.7CVSS5.8AI score0.00057EPSS
Exploits0References1Affected Software1
OSV
OSVadded 2026/05/28 4:16 p.m.2 views

PYSEC-2026-178

PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option "b64": false, RFC 7797, PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For...

5.3CVSS5.8AI score0.00054EPSS
Exploits1References1
NVD
NVDadded 2026/05/28 4:16 p.m.10 views

CVE-2026-48524

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.getsigningkey forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...

3.7CVSS0.00057EPSS
Exploits0References1
PyPA
PyPAadded 2026/05/28 4:16 p.m.4 views

PYSEC-0000-CVE-2026-48522

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...

4.2CVSS5.9AI score0.00034EPSS
Exploits1References1Affected Software1
OSV
OSVadded 2026/05/28 4:16 p.m.1 views

PYSEC-2026-176

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.00014EPSS
Exploits1References1
OSV
OSVadded 2026/05/28 4:16 p.m.2 views

PYSEC-2026-179

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

7.4CVSS5.8AI score0.00017EPSS
Exploits1References1
OSV
OSVadded 2026/05/28 4:16 p.m.3 views

DEBIAN-CVE-2026-48526

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

7.4CVSS5.8AI score0.00017EPSS
Exploits1References1
NVD
NVDadded 2026/05/28 4:16 p.m.14 views

CVE-2026-48526

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

7.4CVSS0.00017EPSS
Exploits1References1
PyPA
PyPAadded 2026/05/28 4:16 p.m.5 views

PYSEC-0000-CVE-2026-48523

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.00014EPSS
Exploits1References1Affected Software1
PyPA
PyPAadded 2026/05/28 4:16 p.m.5 views

PYSEC-0000-CVE-2026-48524

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.getsigningkey forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...

3.7CVSS5.8AI score0.00057EPSS
Exploits0References1Affected Software1
OSV
OSVadded 2026/05/28 4:16 p.m.1 views

PYSEC-2026-177

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.getsigningkey forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...

3.7CVSS5.8AI score0.00057EPSS
Exploits0References1
PyPA
PyPAadded 2026/05/28 4:16 p.m.5 views

PYSEC-2026-179

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

7.4CVSS5.8AI score0.00017EPSS
Exploits1References1Affected Software1
NVD
NVDadded 2026/05/28 4:16 p.m.8 views

CVE-2026-48522

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...

4.2CVSS0.00034EPSS
Exploits1References1
OSV
OSVadded 2026/05/28 4:16 p.m.3 views

UBUNTU-CVE-2026-48526

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

7.4CVSS5.8AI score0.00017EPSS
Exploits1References3
OSV
OSVadded 2026/05/28 4:16 p.m.2 views

UBUNTU-CVE-2026-48525

PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option "b64": false, RFC 7797, PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For...

5.3CVSS5.8AI score0.00054EPSS
Exploits1References3
Rockylinux
Rockylinuxadded 2026/05/28 3:43 p.m.11 views

ruby:4.0 security update

An update is available for module.ruby, module.rubygem-mysql2, module.rubygem-pg, rubygem-mysql2, ruby, rubygem-pg. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE li...

9.1CVSS6.7AI score0.00048EPSS
Exploits0
OSV
OSVadded 2026/05/28 3:43 p.m.6 views

RLSA-2026:19186 Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

7.5CVSS7.3AI score0.00035EPSS
Exploits0References2
OSV
OSVadded 2026/05/28 3:43 p.m.6 views

RLSA-2026:19353 Important: opentelemetry-collector security update

Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to...

9.1CVSS5.8AI score0.00044EPSS
Exploits1References9
OSV
OSVadded 2026/05/28 3:43 p.m.5 views

RLSA-2026:20596 Important: ruby:4.0 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection CVE-2026-33210 erb: ERB: Arbitrary...

9.1CVSS6.7AI score0.00048EPSS
Exploits0References3
Rows per page
Query Builder