pkg:npm/jsonwebtoken

4 total CVEsHIGH1MEDIUM2

✅ Check your installed version

All known vulnerabilities

  • HIGH8.1CVE-2022-23539jsonwebtoken unrestricted key type could lead to legacy keys usage
    from 0, < 9.0.0
  • MEDIUM6.4CVE-2022-23540jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
    from 0, < 9.0.0
  • MEDIUM5.0CVE-2022-23541jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
    from 0, < 9.0.0
  • CVE-2015-9235Verification Bypass in jsonwebtoken
    from 0, < 4.2.2