Search for packages
| purl | pkg:composer/gree/jose@2.2.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-615h-tbr1-mqhe
Aliases: GMS-2016-132 |
Improper Authentication Critical vulnerabilities in JSON Web Token libraries. |
Affected by 0 other vulnerabilities. |
|
VCID-bgt6-t5fn-tkbz
Aliases: CVE-2016-5431 GHSA-xm5f-hc9r-76f3 |
Key confusion attack The PHP JOSE Library is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens. |
Affected by 0 other vulnerabilities. |
|
VCID-ppxj-pz4f-bqdj
Aliases: GHSA-9gxv-x7rp-r2hc |
gree/jose - "None" Algorithm treated as valid in tokens Several widely-used JSON Web Token (JWT) libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys (RS256, RS384, RS512, ES256, ES384, ES512). |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-05T21:43:15.742273+00:00 | GHSA Importer | Affected by | VCID-ppxj-pz4f-bqdj | https://github.com/advisories/GHSA-9gxv-x7rp-r2hc | 38.6.0 |
| 2026-06-04T20:24:05.051726+00:00 | GitLab Importer | Affected by | VCID-bgt6-t5fn-tkbz | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/gree/jose/CVE-2016-5431.yml | 38.6.0 |
| 2026-06-04T16:21:40.211351+00:00 | GitLab Importer | Affected by | VCID-ppxj-pz4f-bqdj | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/gree/jose/GHSA-9gxv-x7rp-r2hc.yml | 38.6.0 |
| 2026-06-02T04:36:38.727726+00:00 | GitLab Importer | Affected by | VCID-615h-tbr1-mqhe | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/gree/jose/GMS-2016-132.yml | 38.6.0 |