github.com/go-jose/go-jose/v4

Go3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting github.com/go-jose/go-jose/v4page 1 of 1

CVE-2024-28180MEDIUMCVSS 4.3EG 4.3✓ Fixed in 4.0.1
2024-03-09
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt…
CVE-2025-27144MEDIUMCVSS 6.6EG 0.0✓ Fixed in 4.0.5
2025-02-24
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.…
CVE-2026-34986HIGHCVSS 7.5EG 7.5✓ Fixed in 4.1.4
2026-04-06
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.…

Check whether github.com/go-jose/go-jose/v4 is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/go-jose/go-jose/v4 CVEs against the assets you own.

Start Free Scan →