Vuln
·
Scope
Home
Packages
KEV
Critical
Insights
Jobs
Pricing
EN
中
Loading…
npm/jsonwebtoken — 4 CVEs · VulnScope
pkg:npm/
jsonwebtoken
4 total CVEs
HIGH
1
MEDIUM
2
✅ Check your installed version
Check
All known vulnerabilities
HIGH
8.1
CVE-2022-23539
jsonwebtoken unrestricted key type could lead to legacy keys usage
from 0, < 9.0.0
MEDIUM
6.4
CVE-2022-23540
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
from 0, < 9.0.0
MEDIUM
5.0
CVE-2022-23541
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
from 0, < 9.0.0
—
Verification Bypass in jsonwebtoken
from 0, < 4.2.2
CVE-2015-9235