Package details: pkg:deb/debian/golang-github-golang-jwt-jwt-v5@5.2.2-1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability: VCID-s5gr-zsbz-xkbe
Aliases: CVE-2025-30204, GHSA-mh63-6h87-95cp
Summary: jwt-go allows excessive memory allocation during header parsing

### Summary

Function [`parse.ParseUnverified`](https://github.com/golang-jwt/jwt/blob/c035977d9e11c351f4c05dfeae193923cbab49ee/parser.go#L138-L139) currently splits (via a call to [strings.Split](https://pkg.go.dev/strings#Split)) its argument (which is untrusted data) on periods.

As a result, in the face of a malicious request whose _Authorization_ header consists of `Bearer ` followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16.

Relevant weakness: [CWE-405: Asymmetric Resource Consumption (Amplification)](https://cwe.mitre.org/data/definitions/405.html)

### Details

See [`parse.ParseUnverified`](https://github.com/golang-jwt/jwt/blob/c035977d9e11c351f4c05dfeae193923cbab49ee/parser.go#L138-L139)

### Impact

Excessive memory allocation

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-04-16T09:07:54.376808+00:00 | Debian Importer | Fixing | VCID-s5gr-zsbz-xkbe | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-11T18:06:59.274578+00:00 | Debian Importer | Fixing | VCID-s5gr-zsbz-xkbe | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-03T07:25:42.841411+00:00 | Debian Importer | Fixing | VCID-s5gr-zsbz-xkbe | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |