DEBIAN-CVE-2026-48522

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...

PYSEC-2026-177

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.getsigningkey forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...

UBUNTU-CVE-2026-48526

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

EUVD-2026-32918

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

Important Photon OS Security Update - PHSA-2026-5.0-0816

Updates of 'python3-PyJWT', 'rubygem-rdiscount' packages of Photon OS have been released...

Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem

Summary Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.3.1 Patch 1 Vulnerability Details CVEID:CVE-2024-58340 DESCRIPTION: LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service ReDoS vulnerability in the MRKLOutputParser.pars...

USN-8133-1 pyjwt vulnerability

It was discovered that PyJWT did not validate the critical header parameter, contrary to the RFC specification expectations. A remote attacker could possibly use this issue to bypass certain authentication checks and restrictions...

[SECURITY] Fedora 43 Update: python-ujson-5.12.0-1.fc43

UltraJSON is an ultra fast JSON encoder and decoder written in pure C with bindings for Python...

SUSE SLES15 Security Update : protobuf (SUSE-SU-2026:0563-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0563-1 advisory. - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173. Tenable has extracted the...

SUSE-SU-2026:20490-1 Security update for protobuf

This update for protobuf fixes the following issues: - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173...

SUSE-SU-2026:0563-1 Security update for protobuf

This update for protobuf fixes the following issues: - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in PyJWT-2.10.1-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in PyJWT-2.10.1-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-45768 DESCRIPTION: pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the...

PT-2026-25090

Name of the Vulnerable Software and Affected Versions PyJWT versions prior to 2.12.0 Description PyJWT is a Python implementation for handling JSON Web Tokens JWT. Before version 2.12.0, the library did not properly validate the 'crit' Critical Header Parameter as defined in RFC 7515 §4.1.11...

EUVD-2025-7799

Malicious code in bioql PyPI...

EUVD-2022-5366

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-27607

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing...

Security Bulletin: IBM Cognos Analytics is affected by a security vulnerability in Python JSON Logger (CVE-2025-27607)

Summary There is a vulnerability in Python JSON Logger used by IBM Cognos Analytics CVE-2025-27607. This Security Bulletin relates only to the direct usage of third-party components by IBM Cognos Analytics, and not any nested dependencies within the product. Vulnerability Details...

CVE-2025-27607

A flaw was found in the Python JSON Logger library python-json-logger. In affected versions, python-json-logger was vulnerable to remote code execution RCE due to a missing dependency. This issue occurred because msgspec-python313-pre was deleted by the owner, leaving the name open to being claim...

CVE-2025-27607

Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by the owner leaving the name open to being claimed by a third party...