CVE-2026-48526

PyJWT (Python) prior to 2.13.0 did not validate the use of JSON Web Keys in HMAC verification, allowing an attacker to use the issuer public key as the HMAC secret during token verification. This could enable forging tokens when mixing RS/EC/JWK and HS algorithms. The issue is fixed in PyJWT 2.13...

CVE-2026-48526 PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

GHSA-C32J-VQHX-RX3X ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351

JWT.decodetoken, '', true, algorithm: 'HS256' accepts an attacker-forged token. OpenSSL::HMAC.digest'SHA256', '', payload returns a valid digest under an empty key, and no raise InvalidKeyError if key.empty? precondition exists in the HMAC algorithm. JWT.decodetoken, "", true, algorithm: 'HS256' ...

ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351

JWT.decodetoken, '', true, algorithm: 'HS256' accepts an attacker-forged token. OpenSSL::HMAC.digest'SHA256', '', payload returns a valid digest under an empty key, and no raise InvalidKeyError if key.empty? precondition exists in the HMAC algorithm. JWT.decodetoken, "", true, algorithm: 'HS256' ...

GHSA-Q6MH-RQWH-G786 Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery

Summary No minimum length or entropy is enforced on the JWTSECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. HS256 secrets below 32 bytes are brute-forceable offline, allowing attackers to recover the signing...

fast-jwt: Incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key

Summary The fix for GHSA-c2ff-88x2-x9pg CVE-2023-48223 is incomplete. The publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ anchor that is defeated by any leading whitespace in the key string, re-enabling the exact same JWT algorithm confusion attack that the CVE patched. Details The f...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to improper validation of the crit header parameter. An attacker can bypass critical header checks by crafting a JSON Web Signature JWS token with unrecognized critical extensions. Po...

Security Bulletin: auth0/node-jws HS256 signature verification bypass via improper HMAC secret handling (≤3.2.2, 4.0.0)

Summary auth0/node-jws HS256 signature verification bypass due to improper HMAC secret handling versions ≤ 3.2.2 and 4.0.0 Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0,...

Security Bulletin: IBM Edge Data Collector uses jws-3.2.2.tgz which are vulnerable to CVE-2025-65945.

Summary IBM Edge Data Collector uses jws-3.2.2.tgz which are vulnerable to CVE-2025-65945. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In...

CVE-2025-65945 auth0/node-jws improper HMAC signature verification vulnerability

auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the...

CVE-2025-65945 auth0/node-jws improper HMAC signature verification vulnerability

auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the...

PT-2025-49117

Name of the Vulnerable Software and Affected Versions auth0/node-jws versions 3.2.2 and earlier auth0/node-jws version 4.0.0 Description auth0/node-jws is a JSON Web Signature implementation for Node.js. A flaw exists in signature verification when using the HS256 algorithm under specific...

node-jws 数据伪造问题漏洞

node-jws is a JSON Web signature library open-sourced by Auth0. A data forgery issue vulnerability exists in node-jws versions 3.2.2 and earlier and 4.0.0, which stems from improper HS256 algorithm signature validation and could lead to signature validation bypass...

EUVD-2021-15796

Malware in sbrugna...

EUVD-2023-2883

Malicious code in bioql PyPI...

EUVD-2023-2944

Malicious code in bioql PyPI...

CVE-2023-48223

fast-jwt prior to v3.3.2 contains a publicKeyPemMatcher bug that fails to cover all PEM formats for public keys, enabling an algorithm-confusion attack (HS256 signed with an RSA public key) when RS256 is used and the verifier does not explicitly specify an algorithm. A patch in v3.3.2 fixes this ...

Json Web Token (JWT) Bypass

json-web-token is vulnerable to Json Web Token JWT Bypass. The vulnerability is due to an insecure mechanism used while verifying the signature of a JWT. The library blindly trusts the algorithm listed in the token without further verification. An attacker can forge a token using the HS256...

CVE-2023-23928

reason-jose is a JOSE implementation in ReasonML and OCaml.Jose.Jws.validate does not check HS256 signatures. This allows tampering of JWS header and payload data if the service does not perform additional checks. Such tampering could expose applications using reason-jose to authorization bypass...

Firebase PHP-JWT key/algorithm type confusion

In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue e.g., RS256 / HS256 exists via the kid aka Key ID header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way t...