PyJWT — CVE history (PyPI)
PyJWT
9 CVEs affect the PyJWT PyPI package (highest CVSS 7.5). Latest disclosed: 2026-05-28. Full CVE history sourced from NVD.
Summary
- Package
PyJWT(PyPI)- Total CVEs
9- Actively exploited (CISA KEV)
- 0
- Highest CVSS
7.5- Latest disclosed
- 2026-05-28
Recent CVEs (top 9)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-48526 | High | 7.4 | — | 2026-05-28 | PyJWT is a JSON Web Token implementation in Python. |
CVE-2026-48525 | Medium | 5.3 | — | 2026-05-28 | PyJWT is a JSON Web Token implementation in Python. |
CVE-2026-48524 | Low | 3.7 | — | 2026-05-28 | PyJWT is a JSON Web Token implementation in Python. |
CVE-2026-48523 | Medium | 5.4 | — | 2026-05-28 | PyJWT is a JSON Web Token implementation in Python. |
CVE-2026-48522 | Medium | 4.2 | — | 2026-05-28 | PyJWT is a JSON Web Token implementation in Python. |
CVE-2026-32597 | High | 7.5 | — | 2026-03-13 | PyJWT is a JSON Web Token implementation in Python. |
CVE-2024-53861 | Low | 2.2 | — | 2024-11-29 | pyjwt is a JSON Web Token implementation in Python. |
CVE-2022-29217 | High | 7.4 | — | 2022-05-24 | PyJWT is a Python implementation of RFC 7519. |
CVE-2017-11424 | High | 7.5 | — | 2017-08-24 | In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. |
All-time worst (top 9 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-32597 | High | 7.5 | — | 2026-03-13 | PyJWT is a JSON Web Token implementation in Python. |
CVE-2017-11424 | High | 7.5 | — | 2017-08-24 | In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. |
CVE-2026-48526 | High | 7.4 | — | 2026-05-28 | PyJWT is a JSON Web Token implementation in Python. |
CVE-2022-29217 | High | 7.4 | — | 2022-05-24 | PyJWT is a Python implementation of RFC 7519. |
CVE-2026-48523 | Medium | 5.4 | — | 2026-05-28 | PyJWT is a JSON Web Token implementation in Python. |
CVE-2026-48525 | Medium | 5.3 | — | 2026-05-28 | PyJWT is a JSON Web Token implementation in Python. |
CVE-2026-48522 | Medium | 4.2 | — | 2026-05-28 | PyJWT is a JSON Web Token implementation in Python. |
CVE-2026-48524 | Low | 3.7 | — | 2026-05-28 | PyJWT is a JSON Web Token implementation in Python. |
CVE-2024-53861 | Low | 2.2 | — | 2024-11-29 | pyjwt is a JSON Web Token implementation in Python. |