Package details: pkg:maven/com.nimbusds/nimbus-jose-jwt@4.39
purl pkg:maven/com.nimbusds/nimbus-jose-jwt@4.39
Next non-vulnerable version 9.37.2
Latest non-vulnerable version 10.0.2
Risk 4.5
Vulnerabilities affecting this package (2)
Vulnerability: VCID-vyx8-csfk-nqd1
Aliases: CVE-2019-17195, GHSA-f6vf-pq8c-69m4
Summary: Improper Check for Unusual or Exceptional Conditions in Connect2id Nimbus JOSE+JWT. Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
Fixed by: 7.9 (Affected by 1 other vulnerability.)

Vulnerability: VCID-w663-rgr4-ekdg
Aliases: CVE-2023-52428, GHSA-gvpg-vgmx-xg6w
Summary: Denial of Service in Connect2id Nimbus JOSE+JWT. In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.
Fixed by: 9.37.2 (Affected by 0 other vulnerabilities.)

Vulnerabilities fixed by this package (2)
Vulnerability: VCID-ut92-ya9x-dybz
Summary: Improper Validation of Integrity Check Value. Nimbus JOSE+JWT proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.
Aliases: CVE-2017-12973, GHSA-jfmq-4g4m-99rh

Vulnerability: VCID-v9st-5q6q-73f5
Summary: Insufficient Verification of Data Authenticity. There is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC.
Aliases: CVE-2017-12972, GHSA-2qp9-wg27-9pcv

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:50:33.517540+00:00 GitLab Importer Affected by VCID-w663-rgr4-ekdg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2023-52428.yml 38.4.0
2026-04-16T20:58:01.247616+00:00 GitLab Importer Affected by VCID-vyx8-csfk-nqd1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2019-17195.yml 38.4.0
2026-04-16T20:37:50.437357+00:00 GitLab Importer Fixing VCID-v9st-5q6q-73f5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2017-12972.yml 38.4.0
2026-04-16T20:37:49.986605+00:00 GitLab Importer Fixing VCID-ut92-ya9x-dybz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2017-12973.yml 38.4.0
2026-04-12T00:09:58.932730+00:00 GitLab Importer Affected by VCID-w663-rgr4-ekdg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2023-52428.yml 38.3.0
2026-04-11T22:09:07.613111+00:00 GitLab Importer Affected by VCID-vyx8-csfk-nqd1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2019-17195.yml 38.3.0
2026-04-11T21:48:28.990389+00:00 GitLab Importer Fixing VCID-v9st-5q6q-73f5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2017-12972.yml 38.3.0
2026-04-11T21:48:28.443895+00:00 GitLab Importer Fixing VCID-ut92-ya9x-dybz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2017-12973.yml 38.3.0
2026-04-03T00:15:06.709700+00:00 GitLab Importer Affected by VCID-w663-rgr4-ekdg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2023-52428.yml 38.1.0
2026-04-02T22:21:46.184920+00:00 GitLab Importer Affected by VCID-vyx8-csfk-nqd1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2019-17195.yml 38.1.0
2026-04-02T22:02:24.002909+00:00 GitLab Importer Fixing VCID-v9st-5q6q-73f5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2017-12972.yml 38.1.0
2026-04-02T22:02:23.538037+00:00 GitLab Importer Fixing VCID-ut92-ya9x-dybz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2017-12973.yml 38.1.0
2026-04-01T16:39:32.473418+00:00 GitLab Importer Affected by VCID-vyx8-csfk-nqd1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2019-17195.yml 38.0.0
2026-04-01T16:01:39.364652+00:00 GHSA Importer Fixing VCID-ut92-ya9x-dybz https://github.com/advisories/GHSA-jfmq-4g4m-99rh 38.0.0
2026-04-01T16:01:32.781169+00:00 GHSA Importer Fixing VCID-v9st-5q6q-73f5 https://github.com/advisories/GHSA-2qp9-wg27-9pcv 38.0.0
2026-04-01T13:09:46.955911+00:00 GithubOSV Importer Fixing VCID-v9st-5q6q-73f5 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2qp9-wg27-9pcv/GHSA-2qp9-wg27-9pcv.json 38.0.0
2026-04-01T13:08:42.304651+00:00 GithubOSV Importer Fixing VCID-ut92-ya9x-dybz https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jfmq-4g4m-99rh/GHSA-jfmq-4g4m-99rh.json 38.0.0
2026-04-01T12:47:18.749521+00:00 GitLab Importer Fixing VCID-v9st-5q6q-73f5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2017-12972.yml 38.0.0
2026-04-01T12:47:18.737190+00:00 GitLab Importer Fixing VCID-ut92-ya9x-dybz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2017-12973.yml 38.0.0