PYSEC-2026-120

PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting...

CVE-2026-32597 PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting...

Harbor 跨站脚本漏洞

Harbor is an open source registry from Harbor Open Source. Protects artifacts with policies and role-based access control, ensures images are scanned and free of vulnerabilities, and signs images as trusted. A cross-site scripting vulnerability exists in Harbor versions 2.11.2 and earlier,...

CVE-2024-32986

PWAsForFirefox is a tool to install, manage and use Progressive Web Apps PWAs in Mozilla Firefox. Due to improper sanitization of web app properties such as name, description, shortcuts, web apps were able to inject additional lines into XDG Desktop Entries on Linux and AppInfo.ini on...

AZL-35312 CVE-2023-25667 affecting package tensorflow for versions less than 2.11.1-1

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when 2^31 = numframes height width channels 2^32, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...