Jpadilla Pyjwt
8 CVEs affecting Jpadilla Pyjwt. Latest disclosed: 2026-05-28. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-32597 | High | 7.5 | 2026-03-13 | PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11… |
| CVE-2026-48526 | High | 7.4 | 2026-05-28 | PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC a… |
| CVE-2022-29217 | High | 7.4 | 2022-05-24 | PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choo… |
| CVE-2026-48523 | Medium | 5.4 | 2026-05-28 | PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode() or jwt.decode_… |
| CVE-2026-48525 | Medium | 5.3 | 2026-05-28 | PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option ("b64": false… |
| CVE-2026-48522 | Medium | 4.2 | 2026-05-28 | PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen() which uses Python… |
| CVE-2026-48524 | Low | 3.7 | 2026-05-28 | PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key() forces a fresh HTTP request to the JWKS endpoint for every J… |
| CVE-2024-53861 | Low | 2.2 | 2024-11-29 | pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for `iss` checking, resulting in `"acb"` being accepted for `"_abc_"`… |