Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm

jsonwebtoken

npm

JSON Web Token implementation (symmetric and asymmetric)

View on github.com · View on npmjs.org

Moderate Security Advisories for jsonwebtoken in npm Clear Filters

Moderate
almost 3 years ago

jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC GSA_kwCzR0hTQS1oanJmLTJtNjgtNTk1Oc4AAwgh

npm jsonwebtoken
Moderate
almost 3 years ago

jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() GSA_kwCzR0hTQS1xd3BoLTQ5NTItN3hyNs4AAwgg

npm jsonwebtoken

Filter by Severity

Moderate 2 High 1 Critical 1