jwcrypto is vulnerable to authorization bypass. The vulnerability is due to JWT auto-detecting the token type; under certain circumstances, itβs possible to substitute a signed JWS token with a JWE token encrypted with the public key used for signature validation.