Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-fjrm-76x2-c4q4
  • PyPI/jwcrypto
 JWCrypto: JWE ZIP decompression bomb 08 Apr
  • No fix available
  • Severity - 5.3 (Medium)
GHSA-j857-7rvv-vj97
  • PyPI/jwcrypto
 JWCrypto vulnerable to JWT bomb Attack in `deserialize` function 06 Mar 2024
  • Fix available
  • Severity - 6.8 (Medium)
PYSEC-2024-104
  • PyPI/jwcrypto
 See record for full details 12 Feb 2024
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-cw2r-4p82-qv79
  • PyPI/jwcrypto
 DoS with algorithms that use PBKDF2 due to unbounded PBES2 Count value 28 Dec 2023
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-gwp4-mcv4-w95j
  • PyPI/jwcrypto
 jwcrypto token substitution can lead to authentication bypass 21 Sep 2022
  • Fix available
GHSA-wg33-x934-3ghh
  • PyPI/jwcrypto
 jwcrypto lacks the Random Filling protection mechanism 17 May 2022
  • Fix available
  • Severity - 6.0 (Medium)
PYSEC-2016-4
  • PyPI/jwcrypto
  • github.com/latchset/jwcrypto
 See record for full details 01 Sep 2016
  • Fix available