Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/pyjwt@2.0.0a1
Type pypi
Namespace
Name pyjwt
Version 2.0.0a1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.12.0
Latest_non_vulnerable_version 2.12.0
Affected_by_vulnerabilities
0
url VCID-gptc-c34t-g3e4
vulnerability_id VCID-gptc-c34t-g3e4
summary PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This vulnerability is fixed in 2.12.0.
references
0
reference_url https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f
1
reference_url https://lists.debian.org/debian-lts-announce/2026/05/msg00008.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://lists.debian.org/debian-lts-announce/2026/05/msg00008.html
fixed_packages
0
url pkg:pypi/pyjwt@2.12.0
purl pkg:pypi/pyjwt@2.12.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@2.12.0
aliases CVE-2026-32597, GHSA-752w-5fwx-jx9f, PYSEC-2026-120
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gptc-c34t-g3e4
1
url VCID-pfq1-5wrt-a3cd
vulnerability_id VCID-pfq1-5wrt-a3cd
summary
references
0
reference_url https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc
reference_id
reference_type
scores
url https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc
1
reference_url https://github.com/jpadilla/pyjwt/releases/tag/2.4.0
reference_id
reference_type
scores
url https://github.com/jpadilla/pyjwt/releases/tag/2.4.0
2
reference_url https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
reference_id
reference_type
scores
url https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PK7IQCBVNLYJEFTPHBBPFP72H4WUFNX/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PK7IQCBVNLYJEFTPHBBPFP72H4WUFNX/
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HIYEYZRQEP6QTHT3EHH3RGFYJIHIMAO/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HIYEYZRQEP6QTHT3EHH3RGFYJIHIMAO/
5
reference_url https://security.archlinux.org/AVG-2781
reference_id AVG-2781
reference_type
scores
0
value Unknown
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2781
fixed_packages
0
url pkg:pypi/pyjwt@2.4.0
purl pkg:pypi/pyjwt@2.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gptc-c34t-g3e4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@2.4.0
aliases CVE-2022-29217, GHSA-ffqj-6fqr-9h24, PYSEC-2022-202
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pfq1-5wrt-a3cd
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@2.0.0a1