Search for packages
| purl | pkg:composer/gree/jose@2.2.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-615h-tbr1-mqhe | Improper Authentication Critical vulnerabilities in JSON Web Token libraries. |
GMS-2016-132
|
| VCID-bgt6-t5fn-tkbz | Key confusion attack The PHP JOSE Library is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens. |
CVE-2016-5431
GHSA-xm5f-hc9r-76f3 |
| VCID-ys54-sq5r-fqgm | JWT Verification bypass It is possible for an attacker to bypass verification when "a token digitally signed with an asymetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family)". |
GMS-2015-7
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T18:05:33.151310+00:00 | GithubOSV Importer | Fixing | VCID-bgt6-t5fn-tkbz | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xm5f-hc9r-76f3/GHSA-xm5f-hc9r-76f3.json | 38.6.0 |
| 2026-06-04T16:19:32.461292+00:00 | GitLab Importer | Fixing | VCID-bgt6-t5fn-tkbz | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/gree/jose/CVE-2016-5431.yml | 38.6.0 |
| 2026-06-02T04:36:38.731549+00:00 | GitLab Importer | Fixing | VCID-615h-tbr1-mqhe | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/gree/jose/GMS-2016-132.yml | 38.6.0 |
| 2026-06-02T04:36:22.515628+00:00 | GitLab Importer | Fixing | VCID-ys54-sq5r-fqgm | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/gree/jose/GMS-2015-7.yml | 38.6.0 |