273 matches found
DEBIAN-CVE-2025-45768
pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement)...
CVE-2025-45768
pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement)...
PYSEC-2025-183
pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement)...
CVE-2025-45768
pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement)...
UBUNTU-CVE-2025-45768
pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement)...
Inadequate Encryption Strength
Overview: Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the HMAC and RSA key lengths used in the JSON Web Signature (JWS) implementation not meeting recommended security standards. Remediation: Upgrade pyjwt to version 2.11.0 or higher. References: GitHub...
pyjwt security vulnerability
pyjwt is a Python library by the individual developer José Padilla in the United States. It allows encoding and decoding of JSON Web Tokens (JWT). A security vulnerability exists in pyjwt version v2.10.1, which stems from the presence of weak encryption...
CVE-2025-45768
pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement)...
CVE-2025-45768
pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement)...
PT-2025-31583
Name of the Vulnerable Software and Affected Versions: pyjwt version 2.10.1. Description: pyjwt version 2.10.1 contains weak encryption. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
CVE-2025-45768
CVE-2025-45768: PyJWT 2.10.1 is reported to have weak encryption; the supplier's dispute notes that the key length is chosen by the app using the library. The IBM bulletin for Watson Discovery Cartridge (ICP Discover) cites PyJWT-2.10.1 as affected and recommends upgrading to Watson Discovery Cartridge 5....
CVE-2025-45768
pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement)...
OPENSUSE-SU-2025:14987-1 python311-PyJWT-2.10.1-2.1 on GA media
These are all security issues fixed in the python311-PyJWT-2.10.1-2.1 package on the GA media of openSUSE Tumbleweed...
Linux Distros Unpatched Vulnerability : CVE-2022-29217
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choos...
Incorrect Comparison
PyJWT is vulnerable to Incorrect Comparison. The vulnerability is due to improper handling of the "iss" claim check caused by the use of "in" for string comparison instead of strict equality, potentially allowing incorrect issuer values to pass validation...
SUSE CVE-2024-53861
pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for iss checking, resulting in "acb" being accepted for "abc". This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstance(issuer, list) to isinstance(issuer, Sequence). Since st...
OPENSUSE-SU-2024:14540-1 python310-PyJWT-2.10.1-1.1 on GA media
These are all security issues fixed in the python310-PyJWT-2.10.1-1.1 package on the GA media of openSUSE Tumbleweed...
GHSA-75C5-XW7C-P5PM vulnerabilities
Vulnerabilities for packages: barman, py3-pyjwt, az...
GHSA-75C5-XW7C-P5PM PyJWT Issuer field partial matches allowed
Summary: The wrong string if check is run for iss checking, resulting in "acb" being accepted for "abc". Details: This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstance(issuer, list) to isinstance(issuer, Sequence). diff - if isinstanceissuer, list: + if...
GHSA-75C5-XW7C-P5PM vulnerabilities
Vulnerabilities for packages: az, py3-pyjwt...