
jsonwebtoken
JSON Web Token implementation (symmetric and asymmetric)
Security Advisories for jsonwebtoken in npm
Moderate
almost 3 years ago
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
npm
jsonwebtoken
Moderate
almost 3 years ago
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
npm
jsonwebtoken
High
almost 3 years ago
jsonwebtoken unrestricted key type could lead to legacy keys usage
npm
jsonwebtoken