Product
pyjwt project pyjwt
10 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-48526
CVE-2026-48525
CVE-2026-48524
CVE-2026-48523
CVE-2026-48522
CVE-2026-32597
CVE-2025-45768
CVE-2024-53861
CVE-2022-29217
CVE-2017-11424
< 2.13.0
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporti
>= 2.8.0 and <= 2.12.1
PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-p
< 2.13.0
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key() forces a fresh HTTP request to
>= 2.9.0 and < 2.12.1
PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass whe
< 2.13.0
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.reques
< 2.12.0
PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter
all versions
pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen b
all versions
pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for iss checking, resulting in "acb"
>= 1.5.0 and < 2.4.0
PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker subm
<= 1.5.0
In PyJWT 1.5.0 and below the invalid_strings check in HMACAlgorithm.prepare_key does not account for all PEM encoded public ke