Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/com.nimbusds/nimbus-jose-jwt@9.37.2
purl pkg:maven/com.nimbusds/nimbus-jose-jwt@9.37.2
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-w663-rgr4-ekdg Denial of Service in Connect2id Nimbus JOSE+JWT In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component. CVE-2023-52428
GHSA-gvpg-vgmx-xg6w

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:50:34.051938+00:00 GitLab Importer Fixing VCID-w663-rgr4-ekdg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2023-52428.yml 38.4.0
2026-04-12T00:09:59.224445+00:00 GitLab Importer Fixing VCID-w663-rgr4-ekdg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2023-52428.yml 38.3.0
2026-04-03T00:15:07.391185+00:00 GitLab Importer Fixing VCID-w663-rgr4-ekdg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2023-52428.yml 38.1.0
2026-04-01T16:04:30.413052+00:00 GHSA Importer Fixing VCID-w663-rgr4-ekdg https://github.com/advisories/GHSA-gvpg-vgmx-xg6w 38.0.0
2026-04-01T12:52:29.424630+00:00 GitLab Importer Fixing VCID-w663-rgr4-ekdg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2023-52428.yml 38.0.0
2026-04-01T12:50:33.763560+00:00 GithubOSV Importer Fixing VCID-w663-rgr4-ekdg https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-gvpg-vgmx-xg6w/GHSA-gvpg-vgmx-xg6w.json 38.0.0