VulnerableCode.io REST API

Lookup for vulnerable packages by Package URL.

GET /api/packages/26922?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/26922?format=api",
    "purl": "pkg:pypi/pyjwt@1.6.3",
    "type": "pypi",
    "namespace": "",
    "name": "pyjwt",
    "version": "1.6.3",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": "2.12.0",
    "latest_non_vulnerable_version": "2.12.0",
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8874?format=api",
            "vulnerability_id": "VCID-dq17-gzkv-1bdb",
            "summary": "PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29217.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29217.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29217",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00311",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54212",
                            "published_at": "2026-04-29T12:55:00Z"
                        },
                        {
                            "value": "0.00311",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54222",
                            "published_at": "2026-04-24T12:55:00Z"
                        },
                        {
                            "value": "0.00311",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54259",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.00311",
                            "scoring_system": "epss",
                            "scoring_elements": "0.5428",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00311",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54236",
                            "published_at": "2026-04-26T12:55:00Z"
                        },
                        {
                            "value": "0.00311",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54257",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00311",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54275",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00311",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54226",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00311",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54229",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00311",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54178",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00311",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54202",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00311",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54172",
                            "published_at": "2026-04-02T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29217"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://github.com/jpadilla/pyjwt",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/jpadilla/pyjwt"
                },
                {
                    "reference_url": "https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:55Z/"
                        }
                    ],
                    "url": "https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc"
                },
                {
                    "reference_url": "https://github.com/jpadilla/pyjwt/releases/tag/2.4.0",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:55Z/"
                        }
                    ],
                    "url": "https://github.com/jpadilla/pyjwt/releases/tag/2.4.0"
                },
                {
                    "reference_url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:55Z/"
                        }
                    ],
                    "url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24"
                },
                {
                    "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pyjwt/PYSEC-2022-202.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pyjwt/PYSEC-2022-202.yaml"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PK7IQCBVNLYJEFTPHBBPFP72H4WUFNX",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PK7IQCBVNLYJEFTPHBBPFP72H4WUFNX"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PK7IQCBVNLYJEFTPHBBPFP72H4WUFNX/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PK7IQCBVNLYJEFTPHBBPFP72H4WUFNX/"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HIYEYZRQEP6QTHT3EHH3RGFYJIHIMAO",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HIYEYZRQEP6QTHT3EHH3RGFYJIHIMAO"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HIYEYZRQEP6QTHT3EHH3RGFYJIHIMAO/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HIYEYZRQEP6QTHT3EHH3RGFYJIHIMAO/"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29217",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29217"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011747",
                    "reference_id": "1011747",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011747"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088544",
                    "reference_id": "2088544",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088544"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PK7IQCBVNLYJEFTPHBBPFP72H4WUFNX/",
                    "reference_id": "5PK7IQCBVNLYJEFTPHBBPFP72H4WUFNX",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:55Z/"
                        }
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PK7IQCBVNLYJEFTPHBBPFP72H4WUFNX/"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HIYEYZRQEP6QTHT3EHH3RGFYJIHIMAO/",
                    "reference_id": "6HIYEYZRQEP6QTHT3EHH3RGFYJIHIMAO",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:55Z/"
                        }
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HIYEYZRQEP6QTHT3EHH3RGFYJIHIMAO/"
                },
                {
                    "reference_url": "https://security.archlinux.org/AVG-2781",
                    "reference_id": "AVG-2781",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "Unknown",
                            "scoring_system": "archlinux",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.archlinux.org/AVG-2781"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-ffqj-6fqr-9h24",
                    "reference_id": "GHSA-ffqj-6fqr-9h24",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-ffqj-6fqr-9h24"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/5526-1/",
                    "reference_id": "USN-5526-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/5526-1/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/26933?format=api",
                    "purl": "pkg:pypi/pyjwt@2.4.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-shhe-tubm-f7f8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@2.4.0"
                }
            ],
            "aliases": [
                "CVE-2022-29217",
                "GHSA-ffqj-6fqr-9h24",
                "PYSEC-2022-202"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dq17-gzkv-1bdb"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/24430?format=api",
            "vulnerability_id": "VCID-shhe-tubm-f7f8",
            "summary": "PyJWT accepts unknown `crit` header extensions\n## Summary\n\nPyJWT does not validate the `crit` (Critical) Header Parameter defined in\nRFC 7515 §4.1.11. When a JWS token contains a `crit` array listing\nextensions that PyJWT does not understand, the library accepts the token\ninstead of rejecting it. This violates the **MUST** requirement in the RFC.\n\nThis is the same class of vulnerability as CVE-2025-59420 (Authlib),\nwhich received CVSS 7.5 (HIGH).\n\n---\n\n## RFC Requirement\n\nRFC 7515 §4.1.11:\n\n> The \"crit\" (Critical) Header Parameter indicates that extensions to this\n> specification and/or [JWA] are being used that **MUST** be understood and\n> processed. [...] If any of the listed extension Header Parameters are\n> **not understood and supported** by the recipient, then the **JWS is invalid**.\n\n---\n\n## Proof of Concept\n\n```python\nimport jwt  # PyJWT 2.8.0\nimport hmac, hashlib, base64, json\n\n# Construct token with unknown critical extension\nheader = {\"alg\": \"HS256\", \"crit\": [\"x-custom-policy\"], \"x-custom-policy\": \"require-mfa\"}\npayload = {\"sub\": \"attacker\", \"role\": \"admin\"}\n\ndef b64url(data):\n    return base64.urlsafe_b64encode(data).rstrip(b\"=\").decode()\n\nh = b64url(json.dumps(header, separators=(\",\", \":\")).encode())\np = b64url(json.dumps(payload, separators=(\",\", \":\")).encode())\nsig = b64url(hmac.new(b\"secret\", f\"{h}.{p}\".encode(), hashlib.sha256).digest())\ntoken = f\"{h}.{p}.{sig}\"\n\n# Should REJECT — x-custom-policy is not understood by PyJWT\ntry:\n    result = jwt.decode(token, \"secret\", algorithms=[\"HS256\"])\n    print(f\"ACCEPTED: {result}\")\n    # Output: ACCEPTED: {'sub': 'attacker', 'role': 'admin'}\nexcept Exception as e:\n    print(f\"REJECTED: {e}\")\n```\n\n**Expected:** `jwt.exceptions.InvalidTokenError: Unsupported critical extension: x-custom-policy`\n**Actual:** Token accepted, payload returned.\n\n### Comparison with RFC-compliant library\n\n```python\n# jwcrypto — correctly rejects\nfrom jwcrypto import jwt as jw_jwt, jwk\nkey = jwk.JWK(kty=\"oct\", k=b64url(b\"secret\"))\njw_jwt.JWT(jwt=token, key=key, algs=[\"HS256\"])\n# raises: InvalidJWSObject('Unknown critical header: \"x-custom-policy\"')\n```\n\n---\n\n## Impact\n\n- **Split-brain verification** in mixed-library deployments (e.g., API\n  gateway using jwcrypto rejects, backend using PyJWT accepts)\n- **Security policy bypass** when `crit` carries enforcement semantics\n  (MFA, token binding, scope restrictions)\n- **Token binding bypass** — RFC 7800 `cnf` (Proof-of-Possession) can be\n  silently ignored\n- See CVE-2025-59420 for full impact analysis\n\n---\n\n## Suggested Fix\n\nIn `jwt/api_jwt.py`, add validation in `_validate_headers()` or\n`decode()`:\n\n```python\n_SUPPORTED_CRIT = {\"b64\"}  # Add extensions PyJWT actually supports\n\ndef _validate_crit(self, headers: dict) -> None:\n    crit = headers.get(\"crit\")\n    if crit is None:\n        return\n    if not isinstance(crit, list) or len(crit) == 0:\n        raise InvalidTokenError(\"crit must be a non-empty array\")\n    for ext in crit:\n        if ext not in self._SUPPORTED_CRIT:\n            raise InvalidTokenError(f\"Unsupported critical extension: {ext}\")\n        if ext not in headers:\n            raise InvalidTokenError(f\"Critical extension {ext} not in header\")\n```\n\n---\n\n## CWE\n\n- CWE-345: Insufficient Verification of Data Authenticity\n- CWE-863: Incorrect Authorization\n\n## References\n\n- [RFC 7515 §4.1.11](https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.11)\n- [CVE-2025-59420 — Authlib crit bypass (CVSS 7.5)](https://osv.dev/vulnerability/GHSA-9ggr-2464-2j32)\n- [RFC 7800 — Proof-of-Possession Key Semantics](https://www.rfc-editor.org/rfc/rfc7800)",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32597.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32597.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32597",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0001",
                            "scoring_system": "epss",
                            "scoring_elements": "0.01053",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.0001",
                            "scoring_system": "epss",
                            "scoring_elements": "0.01126",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.0001",
                            "scoring_system": "epss",
                            "scoring_elements": "0.01061",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.0001",
                            "scoring_system": "epss",
                            "scoring_elements": "0.01058",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00013",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02299",
                            "published_at": "2026-04-26T12:55:00Z"
                        },
                        {
                            "value": "0.00013",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02306",
                            "published_at": "2026-04-24T12:55:00Z"
                        },
                        {
                            "value": "0.00013",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02343",
                            "published_at": "2026-04-29T12:55:00Z"
                        },
                        {
                            "value": "9e-05",
                            "scoring_system": "epss",
                            "scoring_elements": "0.00914",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "9e-05",
                            "scoring_system": "epss",
                            "scoring_elements": "0.00913",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "9e-05",
                            "scoring_system": "epss",
                            "scoring_elements": "0.00917",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "9e-05",
                            "scoring_system": "epss",
                            "scoring_elements": "0.0092",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "9e-05",
                            "scoring_system": "epss",
                            "scoring_elements": "0.00906",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "9e-05",
                            "scoring_system": "epss",
                            "scoring_elements": "0.00901",
                            "published_at": "2026-04-12T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32597"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32597",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32597"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://github.com/jpadilla/pyjwt",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/jpadilla/pyjwt"
                },
                {
                    "reference_url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T14:48:42Z/"
                        }
                    ],
                    "url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130662",
                    "reference_id": "1130662",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130662"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447194",
                    "reference_id": "2447194",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447194"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-752w-5fwx-jx9f",
                    "reference_id": "GHSA-752w-5fwx-jx9f",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-752w-5fwx-jx9f"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:10140",
                    "reference_id": "RHSA-2026:10140",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:10140"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:10141",
                    "reference_id": "RHSA-2026:10141",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:10141"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:10184",
                    "reference_id": "RHSA-2026:10184",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:10184"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:12176",
                    "reference_id": "RHSA-2026:12176",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:12176"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:6568",
                    "reference_id": "RHSA-2026:6568",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:6568"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:6720",
                    "reference_id": "RHSA-2026:6720",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:6720"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:6912",
                    "reference_id": "RHSA-2026:6912",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:6912"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:6926",
                    "reference_id": "RHSA-2026:6926",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:6926"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:8437",
                    "reference_id": "RHSA-2026:8437",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:8437"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:8746",
                    "reference_id": "RHSA-2026:8746",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:8746"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:8747",
                    "reference_id": "RHSA-2026:8747",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:8747"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:8748",
                    "reference_id": "RHSA-2026:8748",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:8748"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/8133-1/",
                    "reference_id": "USN-8133-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/8133-1/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/67619?format=api",
                    "purl": "pkg:pypi/pyjwt@2.12.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@2.12.0"
                }
            ],
            "aliases": [
                "CVE-2026-32597",
                "GHSA-752w-5fwx-jx9f"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-shhe-tubm-f7f8"
        }
    ],
    "fixing_vulnerabilities": [],
    "risk_score": "4.0",
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@1.6.3"
}

Package Instance