Nearform Fast-jwt
8 CVEs affecting Nearform Fast-jwt. Latest disclosed: 2026-05-13. Critical: 3, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-44351 | Critical | 9.1 | 2026-05-13 | fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flo… |
CVE-2026-35039 | Critical | 9.1 | 2026-04-06 | fast-jwt provides fast JSON Web Token (JWT) implementation. From 0.0.1 to before 6.2.0, setting up a custom cacheKeyBuilder method which does not properly crea… |
CVE-2026-34950 | Critical | 9.1 | 2026-04-06 | fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, the publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ anchor that… |
CVE-2026-35042 | High | 7.5 | 2026-04-06 | fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, fast-jwt does not validate the crit (Critical) Header Parameter defined in RF… |
CVE-2025-30144 | Medium | 6.5 | 2025-03-19 | fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 5.0.6, the fast-jwt library does not properly validate the iss claim based on the RFC 7519… |
CVE-2023-48223 | Medium | 5.9 | 2023-11-20 | fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to version 3.3.2, the fast-jwt library does not properly prevent JWT algorithm confusion for… |
CVE-2026-35040 | Medium | 5.3 | 2026-04-09 | fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.1, using certain modifiers on RegExp objects in the allowedAud, allowedIss, allowedSub… |
CVE-2026-35041 | Medium | 4.2 | 2026-04-09 | fast-jwt provides fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast-jwt when the allowedAud verificat… |