273 matches found
Improper Verification of Cryptographic Signature
Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to improper validation of the crit header parameter. An attacker can bypass critical header checks by crafting a JSON Web Signature (JWS) token with unrecognized critical extensions. Po...
CVE-2026-32597
PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting...
CVE-2026-32597
PyJWT prior to 2.12.0 does not validate the crit header (RFC 7515 §4.1.11). If a JWS contains a crit array with extensions PyJWT cannot understand, the library accepts the token instead of rejecting it, violating the MUST requirement. This CVE affects PyJWT and is fixed in version 2.12.0. Remedia...
CVE-2026-32597
PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting...
pyjwt security vulnerability
pyjwt is a Python library developed by José Padilla from the United States. It allows for the encoding and decoding of JSON Web Tokens (JWTs). pyjwt has a security vulnerability stemming from the lack of validation for the crit header parameter. This vulnerability may allow the acceptance of JWS...
TencentOS Server 4: python-jwt (TSSA-2026:0119)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0119 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Security Bulletin: IBM Edge Data Collector uses PyJWT-2.10.0-py3-none-any.whl which is vulnerable to CVE-2024-53861.
Summary: IBM Edge Data Collector uses PyJWT-2.10.0-py3-none-any.whl which is vulnerable to CVE-2024-53861. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2024-53861 DESCRIPTION: pyjwt is a JSON Web Token implementation in Python. An...
EUVD-2025-32985
Malicious code in pyjwt npm...
Malicious Package
Overview: pyjwt is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious code in pyjwt (npm)
Source: ghsa-malware 1303df275ef90069cbd133d9486d1bd0732a401442c275a2c1ca4765fa940d5f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48036 Malicious code in pyjwt (npm)
Source: ghsa-malware 1303df275ef90069cbd133d9486d1bd0732a401442c275a2c1ca4765fa940d5f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2017-0103
Malware in sbrugna...
EUVD-2022-0213
Malicious code in bioql PyPI...
EUVD-2024-3440
Malicious code in bioql PyPI...
EUVD-2025-23303
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-45768
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses th...
CVE-2025-45768
A flaw was found in pyjwt. The library uses weak encryption, allowing an attacker to potentially decrypt sensitive data. A network-based attacker can exploit this vulnerability without authentication, possibly resulting in a denial of service or data exposure. This weakness stems from the use of...
SUSE CVE-2025-45768
pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement)...
PYSEC-2025-183
pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement)...
aap-client-python (>=0.1.1 <=0.1.3), abdelrahman-obfuscate (>=1.0.0 <=1.0.1) +1192 more potentially affected by CVE-2025-45768 via pyjwt (>=0.2.1 <=2.10.1)
pyjwt PYPI version =0.2.1, =0.1.1, =1.0.0, =2.0.0, =1.1.1, =0.8.44.4, =0.1.1, =0.1.1, =0.1.31, =0.1.0, =0.5.0, =0.6.2rc6 and more Source cves: CVE-2025-45768 Source advisory: OSV:PYSEC-2025-183...