Lucene search
+L

34 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.17 views

Amazon Linux 2023 : python3-jwt, python3-jwt+crypto (ALAS2023-2026-1842)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1842 advisory. PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate u...

7.4CVSS5.9AI score0.00394EPSS
Exploits1References4
EUVD
EUVD
added 2026/06/15 7:27 p.m.16 views

EUVD-2026-32918

PyJWT: Algorithm allow-list bypass when decoding with PyJWK / PyJWKClient keys...

5.4CVSS5.1AI score0.00127EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2026/05/28 4:16 p.m.7 views

360solutions-bc-mcp (>=0.5.3 <=0.5.6), 3di-cmd-client (>=0.0.1a0 <=0.0.3) +1475 more potentially affected by CVE-2026-48526 via pyjwt (>=0.2.1 <=2.12.1)

pyjwt PYPI version =0.2.1, =0.5.3, =0.0.1a0, =0.1.1, =1.0.0, =2.0.0, =1.1.1, =0.8.44.4, =0.1.0, =0.1.1, =0.1.1, =0.1.5 - affo-user-service =1.0.4 and more Source cves: CVE-2026-48526 Source advisory: OSV:PYSEC-2026-179...

7.4CVSS5.7AI score0.00394EPSS
Exploits1
OSV
OSV
added 2026/05/28 4:16 p.m.9 views

PYSEC-2026-177

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.getsigningkey forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...

3.7CVSS5.8AI score0.00222EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 4:16 p.m.11 views

DEBIAN-CVE-2026-48522

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...

4.2CVSS6AI score0.00181EPSS
Exploits1References1
OSV
OSV
added 2026/05/28 4:16 p.m.20 views

UBUNTU-CVE-2026-48526

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

7.4CVSS5.8AI score0.00394EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/05/06 6:40 a.m.9 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

7.5CVSS6.6AI score0.00269EPSS
Exploits1References5
Photon
Photon
added 2026/04/10 12:0 a.m.6 views

Important Photon OS Security Update - PHSA-2026-5.0-0816

Updates of 'rubygem-rdiscount', 'python3-PyJWT' packages of Photon OS have been released...

6.1AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/09 10:57 a.m.10 views

Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem

Summary Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.3.1 Patch 1 Vulnerability Details CVEID:CVE-2024-58340 DESCRIPTION: LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service ReDoS vulnerability in the MRKLOutputParser.pars...

9.8CVSS6AI score0.00808EPSS
Exploits4Affected Software1
OSV
OSV
added 2026/03/30 3:2 p.m.5 views

USN-8133-1 pyjwt vulnerability

It was discovered that PyJWT did not validate the critical header parameter, contrary to the RFC specification expectations. A remote attacker could possibly use this issue to bypass certain authentication checks and restrictions...

7.5CVSS5.8AI score0.00269EPSS
Exploits1References2
Fedora
Fedora
added 2026/03/22 12:54 a.m.7 views

[SECURITY] Fedora 43 Update: python-ujson-5.12.0-1.fc43

UltraJSON is an ultra fast JSON encoder and decoder written in pure C with bindings for Python...

7.5CVSS5.8AI score0.00479EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/02/18 12:0 a.m.7 views

SUSE SLES15 Security Update : protobuf (SUSE-SU-2026:0563-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0563-1 advisory. - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173. Tenable has extracted the...

8.2CVSS6.7AI score0.00613EPSS
Exploits0References4
OSV
OSV
added 2026/02/17 9:42 a.m.2 views

SUSE-SU-2026:20490-1 Security update for protobuf

This update for protobuf fixes the following issues: - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173...

8.2CVSS5.8AI score0.00613EPSS
Exploits0References3
OSV
OSV
added 2026/02/16 4:19 p.m.7 views

SUSE-SU-2026:0563-1 Security update for protobuf

This update for protobuf fixes the following issues: - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173...

8.2CVSS5.3AI score0.00613EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/04 6:34 p.m.8 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in PyJWT-2.10.1-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in PyJWT-2.10.1-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-45768 DESCRIPTION: pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the...

7CVSS5.3AI score0.0016EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.19 views

PT-2026-25090

Name of the Vulnerable Software and Affected Versions PyJWT versions prior to 2.12.0 Description PyJWT is a Python implementation for handling JSON Web Tokens JWT. Before version 2.12.0, the library did not properly validate the 'crit' Critical Header Parameter as defined in RFC 7515 §4.1.11...

7.8CVSS5.8AI score0.00269EPSS
Exploits1References270
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-7799

Malicious code in bioql PyPI...

8.8CVSS8.1AI score0.01543EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-5366

Malicious code in bioql PyPI...

9.8CVSS9.5AI score0.0353EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-27607

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing...

8.8CVSS7.1AI score0.01543EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/25 11:47 p.m.13 views

Security Bulletin: IBM Cognos Analytics is affected by a security vulnerability in Python JSON Logger (CVE-2025-27607)

Summary There is a vulnerability in Python JSON Logger used by IBM Cognos Analytics CVE-2025-27607. This Security Bulletin relates only to the direct usage of third-party components by IBM Cognos Analytics, and not any nested dependencies within the product. Vulnerability Details...

8.8CVSS6.7AI score0.01543EPSS
Exploits1Affected Software1
Rows per page
Query Builder