47 matches found
Debian dla-4564 : python3-jwt - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4564 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4564-1 [email protected] https://www.debian.org/lts/security/...
Security Bulletin: IBM Edge Data Collector uses PyJWT-2.10.1-py3-none-any.whl, pyjwt-2.11.0-py3-none-any.whl which is vulnerable to CVE-2026-32597.
Summary IBM Edge Data Collector uses PyJWT-2.10.1-py3-none-any.whl, pyjwt-2.11.0-py3-none-any.whl which is vulnerable to CVE-2026-32597. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-32597 DESCRIPTION: PyJWT is a JSON Web Token implementatio...
fence-agents security update
An update is available for fence-agents. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The fence-agents packages provide a collection of scripts for handling...
RLSA-2026:12176 Important: fence-agents security update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: cryptography: cryptography Subgroup Attack Due to Missing Subgroup...
RockyLinux 8 : fence-agents (RLSA-2026:12176)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:12176 advisory. cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves CVE-2026-26007 pyjwt: PyJWT accepts unknown crit header...
Important: fence-agents security update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: cryptography: cryptography Subgroup Attack Due to Missing Subgroup...
ALSA-2026:12176 Important: fence-agents security update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: cryptography: cryptography Subgroup Attack Due to Missing Subgroup...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pyjwt-2.11.0-py3-none-any.whl
Summary IBM Watson Discovery Cartridge affected by vulnerability in pyjwt-2.11.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-32597 DESCRIPTION: PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit Critical Header Parameter defined in RFC...
Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.
Summary Maximo AI Service uses mlflow-3.1.0-py3-none-any.whl, fast-xml-parser-4.5.3.tgz, nltk-3.9.1-py3-none-any.whl, tar-7.4.3.tgz, tar-7.5.9.tgz, PyJWT-2.10.1-py3-none-any.whl, pyasn1-0.6.2-py3-none-any.whl, fast-xml-parser-5.3.6.tgz, jackson-core-2.19.4.jar,...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : PyJWT vulnerability (USN-8133-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8133-1 advisory. It was discovered that PyJWT did not validate the critical header parameter, contrary to the RFC...
DEBIAN-CVE-2026-32597
PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting...
Linux Distros Unpatched Vulnerability : CVE-2026-32597
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 4.1.11. When...
CVE-2026-32597
PyJWT prior to 2.12.0 does not validate the crit header (RFC 7515 §4.1.11). If a JWS contains a crit array with extensions PyJWT cannot understand, the library accepts the token instead of rejecting it, violating the MUST requirement. This CVE affects PyJWT and is fixed in version 2.12.0. Remedia...
acapy-agent (>=1.1.1 <=1.5.1rc1), acapy-agent-jamie-testing (=1.3.1rc1) +471 more potentially affected by CVE-2026-32597 via pyjwt (>=2.0.0 <=2.11.0)
pyjwt PYPI version =2.0.0, =1.1.1, =0.1.1, =0.1.31, =0.1.0, =0.5.0, =1.89.5, =0.1.0, =0.0.1, =0.1.59, =0.2.47, =24.12.0, =1.29.7, =1.37.0 - anote-generate =0.3.0 and more Source cves: CVE-2026-32597 Source advisory: SNYK:PYTHON-PYJWT-15518059...
Security Bulletin: IBM Edge Data Collector uses PyJWT-2.10.0-py3-none-any.whl which is vulnerable to CVE-2024-53861.
Summary IBM Edge Data Collector uses PyJWT-2.10.0-py3-none-any.whl which is vulnerable to CVE-2024-53861. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-53861 DESCRIPTION: pyjwt is a JSON Web Token implementation in Python. An...
EUVD-2017-0103
Malware in sbrugna...
Incorrect Comparison
PyJWT is vulnerable to Incorrect Comparison. The vulnerability is due to improper handling of the iss claim check caused by the use of in for string comparison instead of strict equality, potentially allowing incorrect issuer values to pass validation...
The vulnerability of the JWT implementation in Python PyJWT, related to the use of cryptographic algorithms containing defects, allows attackers to compromise the integrity of the data.
The vulnerability of the JWT implementation in Python PyJWT is related to the absence of blocking for certain formats of the secret key. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the data...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : PyJWT vulnerability (USN-5526-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5526-1 advisory. Aapo Oksman discovered that PyJWT incorrectly handled signatures constructed from SSH public keys. A remote attacker could use this to for...
SUSE SLED15 / SLES15 Security Update : python-PyJWT (SUSE-SU-2022:2402-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2402-1 advisory. - PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an...