Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm

jsonwebtoken

npm

JSON Web Token implementation (symmetric and asymmetric)

View on github.com · View on npmjs.org

Security Advisories for jsonwebtoken in npm

Moderate
almost 3 years ago

jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC GSA_kwCzR0hTQS1oanJmLTJtNjgtNTk1Oc4AAwgh

npm jsonwebtoken
Moderate
almost 3 years ago

jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() GSA_kwCzR0hTQS1xd3BoLTQ5NTItN3hyNs4AAwgg

npm jsonwebtoken
High
almost 3 years ago

jsonwebtoken unrestricted key type could lead to legacy keys usage GSA_kwCzR0hTQS04Y2Y3LTMyZ3ctd3IzM84AAwgf

npm jsonwebtoken
Critical
about 7 years ago

Verification Bypass in jsonwebtoken MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3aHItajRtai1qMnc2

npm jsonwebtoken

Filter by Severity

Moderate 2 High 1 Critical 1