Vulnerability Database
Blog
FAQ
Docs
arrow_forward
search
light_mode
dark_mode
Vulnerabilities
search
All ecosystems
770139
AlmaLinux
5255
Alpaquita
11478
Alpine
4352
Android
3403
Azure Linux
12016
BellSoft Hardened Containers
572
Bitnami
8321
Chainguard
9230
CleanStart
1780
CRAN
14
crates.io
2561
Debian
59730
Echo
6669
GHC
3
GIT
93401
GitHub Actions
54
Go
8148
Hackage
32
Hex
182
Julia
989
Linux
25415
Mageia
6011
Maven
6690
MinimOS
88251
npm
222401
NuGet
1770
opam
19
openEuler
7186
openSUSE
13457
OSS-Fuzz
3958
Packagist
6664
Pub
11
PyPI
22646
Red Hat
21212
Rocky Linux
3624
Root
17390
RubyGems
4550
SUSE
21325
SwiftURL
58
TuxCare
5651
Ubuntu
57187
VSCode
20
Wolfi
6453
ID
Packages
Summary
Published
arrow_upward
Attributes
PYSEC-2026-1814
PyPI/pyjwt
PyJWT Issuer field partial matches allowed
6 days ago
Fix available
Severity - 2.1 (Low)
GHSA-w7vc-732c-9m39
PyPI/pyjwt
PyJWT: Unauthenticated DoS via unbounded Base64URL decoding of unused payload segment in b64=false detached JWS
15 Jun
Fix available
Severity - 5.3 (Medium)
GHSA-993g-76c3-p5m4
PyPI/pyjwt
PyJWKClient: missing scheme allowlist enables CVE-2024-21643-class SSRF + token forgery via file://, ftp://, data: schemes
15 Jun
Fix available
Severity - 4.2 (Medium)
GHSA-xgmm-8j9v-c9wx
PyPI/pyjwt
PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed
15 Jun
Fix available
Severity - 7.4 (High)
GHSA-jq35-7prp-9v3f
PyPI/pyjwt
PyJWT: Algorithm allow-list bypass when decoding with
`
PyJWK
`
/
`
PyJWKClient
`
keys
15 Jun
Fix available
Severity - 5.4 (Medium)
GHSA-fhv5-28vv-h8m8
PyPI/pyjwt
PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values (DoS)
15 Jun
Fix available
Severity - 3.7 (Low)
PYSEC-2026-179
PyPI/pyjwt
See record for full details
28 May
Fix available
Severity - 7.4 (High)
PYSEC-2026-178
PyPI/pyjwt
See record for full details
28 May
Fix available
Severity - 5.3 (Medium)
PYSEC-2026-177
PyPI/pyjwt
See record for full details
28 May
Fix available
Severity - 3.7 (Low)
PYSEC-2026-176
PyPI/pyjwt
See record for full details
28 May
Fix available
Severity - 5.4 (Medium)
PYSEC-2026-175
PyPI/pyjwt
See record for full details
28 May
Fix available
Severity - 4.2 (Medium)
GHSA-752w-5fwx-jx9f
PyPI/pyjwt
PyJWT accepts unknown
`
crit
`
header extensions
13 Mar
Fix available
Severity - 7.5 (High)
PYSEC-2026-120
PyPI/pyjwt
See record for full details
13 Mar
Fix available
Severity - 7.5 (High)
PYSEC-2025-183
PyPI/pyjwt
See record for full details
31 Jul 2025
No fix available
Severity - 7.0 (High)
GHSA-75c5-xw7c-p5pm
PyPI/pyjwt
PyJWT Issuer field partial matches allowed
02 Dec 2024
Fix available
Severity - 2.1 (Low)
GHSA-ffqj-6fqr-9h24
PyPI/pyjwt
Key confusion through non-blocklisted public key formats
24 May 2022
Fix available
Severity - 7.4 (High)
Load more...
(1 page left)
PyPI - OSV