jwcrypto
PyPI
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting jwcrypto (page 1 of 1)
- CVE-2016-6298 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 0.4.0 | 2016-09-01
vulnerable: 0.2.0, 0.2.1, 0.3.0, 0.3.1
The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MM…
- CVE-2023-6681 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 1.5.1 | 2024-02-12
vulnerable: 0.2.0 ... 1.5.0 (21 versions)
A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount o…
- CVE-2024-28102 | MEDIUM | CVSS 6.8 | EG 6.8 | ✓ Fixed in 1.5.6 | 2024-03-21
vulnerable: 0.2.0 ... 1.5.5 (26 versions)
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server pro…
- CVE-2026-39373 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 1.5.7 | 2026-04-07
vulnerable: 0.2.0 ... 1.5.6 (27 versions)
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102…