Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/jsonwebtoken@4.1.0
Typenpm
Namespace
Namejsonwebtoken
Version4.1.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version9.0.0
Latest_non_vulnerable_version9.0.0
Affected_by_vulnerabilities
0
url VCID-2293-mydj-7bg4
vulnerability_id VCID-2293-mydj-7bg4
summary jsonwebtoken: Insecure default algorithm in jwt.verify() could lead to signature validation bypass
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23540.json
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23540.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23540
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.06924
published_at 2026-06-05T12:55:00Z
1
value 0.00024
scoring_system epss
scoring_elements 0.06891
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23540
2
reference_url https://github.com/auth0/node-jsonwebtoken
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/auth0/node-jsonwebtoken
3
reference_url https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T16:23:30Z/
url https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
4
reference_url https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T16:23:30Z/
url https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23540
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23540
6
reference_url https://security.netapp.com/advisory/ntap-20240621-0007
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240621-0007
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2169378
reference_id 2169378
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2169378
8
reference_url https://github.com/advisories/GHSA-qwph-4952-7xr6
reference_id GHSA-qwph-4952-7xr6
reference_type
scores
url https://github.com/advisories/GHSA-qwph-4952-7xr6
9
reference_url https://security.netapp.com/advisory/ntap-20240621-0007/
reference_id ntap-20240621-0007
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T16:23:30Z/
url https://security.netapp.com/advisory/ntap-20240621-0007/
10
reference_url https://access.redhat.com/errata/RHSA-2023:3742
reference_id RHSA-2023:3742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3742
fixed_packages
0
url pkg:npm/jsonwebtoken@9.0.0
purl pkg:npm/jsonwebtoken@9.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsonwebtoken@9.0.0
aliases CVE-2022-23540, GHSA-qwph-4952-7xr6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2293-mydj-7bg4
1
url VCID-54h7-2gp7-1yb9
vulnerability_id VCID-54h7-2gp7-1yb9
summary 
JWT Verification bypass with "none" algorithm
It is possible for an attacker to create his own signed token with any payload he wants and have it considered valid using the "none" algorithm.
references
0
reference_url https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
reference_id
reference_type
scores
url https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
1
reference_url https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687
reference_id
reference_type
scores
url https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687
2
reference_url https://www.timmclean.net/2015/02/25/jwt-alg-none.html
reference_id
reference_type
scores
url https://www.timmclean.net/2015/02/25/jwt-alg-none.html
fixed_packages
0
url pkg:npm/jsonwebtoken@4.2.2
purl pkg:npm/jsonwebtoken@4.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2293-mydj-7bg4
1
vulnerability VCID-56kh-94nv-5khy
2
vulnerability VCID-6mrt-me4e-6fh2
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsonwebtoken@4.2.2
aliases GMS-2015-4
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-54h7-2gp7-1yb9
2
url VCID-56kh-94nv-5khy
vulnerability_id VCID-56kh-94nv-5khy
summary jsonwebtoken: Unrestricted key type could lead to legacy keys usagen
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23539.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23539.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23539
reference_id
reference_type
scores
0
value 0.00082
scoring_system epss
scoring_elements 0.24202
published_at 2026-06-05T12:55:00Z
1
value 0.00082
scoring_system epss
scoring_elements 0.24104
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23539
2
reference_url https://github.com/auth0/node-jsonwebtoken
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/auth0/node-jsonwebtoken
3
reference_url https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:31:06Z/
url https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
4
reference_url https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:31:06Z/
url https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23539
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23539
6
reference_url https://security.netapp.com/advisory/ntap-20240621-0007
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240621-0007
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2155978
reference_id 2155978
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2155978
8
reference_url https://github.com/advisories/GHSA-8cf7-32gw-wr33
reference_id GHSA-8cf7-32gw-wr33
reference_type
scores
url https://github.com/advisories/GHSA-8cf7-32gw-wr33
9
reference_url https://security.netapp.com/advisory/ntap-20240621-0007/
reference_id ntap-20240621-0007
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:31:06Z/
url https://security.netapp.com/advisory/ntap-20240621-0007/
10
reference_url https://access.redhat.com/errata/RHSA-2023:3265
reference_id RHSA-2023:3265
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3265
fixed_packages
0
url pkg:npm/jsonwebtoken@9.0.0
purl pkg:npm/jsonwebtoken@9.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsonwebtoken@9.0.0
aliases CVE-2022-23539, GHSA-8cf7-32gw-wr33
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-56kh-94nv-5khy
3
url VCID-5n9u-avux-mbhx
vulnerability_id VCID-5n9u-avux-mbhx
summary 
Use of a Broken or Risky Cryptographic Algorithm
In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9235.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9235.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-9235
reference_id
reference_type
scores
0
value 0.37481
scoring_system epss
scoring_elements 0.97275
published_at 2026-06-05T12:55:00Z
1
value 0.37481
scoring_system epss
scoring_elements 0.97271
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-9235
2
reference_url https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries
3
reference_url https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
reference_id
reference_type
scores
url https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
4
reference_url https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687
5
reference_url https://nodesecurity.io/advisories/17
reference_id
reference_type
scores
url https://nodesecurity.io/advisories/17
6
reference_url https://www.npmjs.com/advisories/17
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/17
7
reference_url https://www.timmclean.net/2015/02/25/jwt-alg-none.html
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.timmclean.net/2015/02/25/jwt-alg-none.html
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1584880
reference_id 1584880
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1584880
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-9235
reference_id CVE-2015-9235
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-9235
10
reference_url https://github.com/advisories/GHSA-c7hr-j4mj-j2w6
reference_id GHSA-c7hr-j4mj-j2w6
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-c7hr-j4mj-j2w6
fixed_packages
0
url pkg:npm/jsonwebtoken@4.2.2
purl pkg:npm/jsonwebtoken@4.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2293-mydj-7bg4
1
vulnerability VCID-56kh-94nv-5khy
2
vulnerability VCID-6mrt-me4e-6fh2
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsonwebtoken@4.2.2
aliases CVE-2015-9235, GHSA-c7hr-j4mj-j2w6
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5n9u-avux-mbhx
4
url VCID-6mrt-me4e-6fh2
vulnerability_id VCID-6mrt-me4e-6fh2
summary jsonwebtoken: Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23541.json
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23541.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23541
reference_id
reference_type
scores
0
value 0.0006
scoring_system epss
scoring_elements 0.19092
published_at 2026-06-05T12:55:00Z
1
value 0.0006
scoring_system epss
scoring_elements 0.19018
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23541
2
reference_url https://github.com/auth0/node-jsonwebtoken
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/auth0/node-jsonwebtoken
3
reference_url https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T17:50:35Z/
url https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3
4
reference_url https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T17:50:35Z/
url https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0
5
reference_url https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T17:50:35Z/
url https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23541
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23541
7
reference_url https://security.netapp.com/advisory/ntap-20240621-0007
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240621-0007
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2169375
reference_id 2169375
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2169375
9
reference_url https://github.com/advisories/GHSA-hjrf-2m68-5959
reference_id GHSA-hjrf-2m68-5959
reference_type
scores
url https://github.com/advisories/GHSA-hjrf-2m68-5959
10
reference_url https://security.netapp.com/advisory/ntap-20240621-0007/
reference_id ntap-20240621-0007
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T17:50:35Z/
url https://security.netapp.com/advisory/ntap-20240621-0007/
11
reference_url https://access.redhat.com/errata/RHSA-2023:3742
reference_id RHSA-2023:3742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3742
fixed_packages
0
url pkg:npm/jsonwebtoken@9.0.0
purl pkg:npm/jsonwebtoken@9.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsonwebtoken@9.0.0
aliases CVE-2022-23541, GHSA-hjrf-2m68-5959
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6mrt-me4e-6fh2
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/jsonwebtoken@4.1.0