Package details: pkg:npm/jsonwebtoken@8.5.1
purl pkg:npm/jsonwebtoken@8.5.1
Next non-vulnerable version 9.0.0
Latest non-vulnerable version 9.0.0
Risk 4.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-2293-mydj-7bg4
Aliases:
CVE-2022-23540
GHSA-qwph-4952-7xr6
jsonwebtoken: Insecure default algorithm in jwt.verify() could lead to signature validation bypass
9.0.0
Affected by 0 other vulnerabilities.
VCID-56kh-94nv-5khy
Aliases:
CVE-2022-23539
GHSA-8cf7-32gw-wr33
jsonwebtoken: Unrestricted key type could lead to legacy keys usage
9.0.0
Affected by 0 other vulnerabilities.
VCID-6mrt-me4e-6fh2
Aliases:
CVE-2022-23541
GHSA-hjrf-2m68-5959
jsonwebtoken: Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
9.0.0
Affected by 0 other vulnerabilities.
VCID-v6pe-g7kr-wyd9
Aliases:
CVE-2022-23529
GHSA-27h2-hvpr-p74q
jsonwebtoken: Insecure input validation in jwt.verify function
9.0.0
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-07T20:48:07.308075+00:00 GHSA Importer Affected by VCID-6mrt-me4e-6fh2 https://github.com/advisories/GHSA-hjrf-2m68-5959 38.6.0
2026-06-07T20:48:07.223062+00:00 GHSA Importer Affected by VCID-56kh-94nv-5khy https://github.com/advisories/GHSA-8cf7-32gw-wr33 38.6.0
2026-06-07T20:48:07.181914+00:00 GHSA Importer Affected by VCID-v6pe-g7kr-wyd9 https://github.com/advisories/GHSA-27h2-hvpr-p74q 38.6.0
2026-06-06T03:20:16.972321+00:00 GitLab Importer Affected by VCID-2293-mydj-7bg4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/jsonwebtoken/CVE-2022-23540.yml 38.6.0
2026-06-05T17:13:52.402070+00:00 GitLab Importer Affected by VCID-56kh-94nv-5khy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/jsonwebtoken/CVE-2022-23539.yml 38.6.0
2026-06-05T17:13:51.597512+00:00 GitLab Importer Affected by VCID-6mrt-me4e-6fh2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/jsonwebtoken/CVE-2022-23541.yml 38.6.0