Libjwt Libjwt

2 CVEs affecting Libjwt Libjwt. Latest disclosed: 2026-03-27. Critical: 1, High: 0.

Top CVEs affecting Libjwt Libjwt
CVESeverityScorePublishedSummary
CVE-2024-25189Critical9.82024-02-08libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
CVE-2026-33996Medium5.52026-03-27LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value wh…