Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/pyjwt@2.12.0
Type pypi
Namespace
Name pyjwt
Version 2.12.0
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-gptc-c34t-g3e4
vulnerability_id VCID-gptc-c34t-g3e4
summary PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This vulnerability is fixed in 2.12.0.
references
0
reference_url https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f
1
reference_url https://lists.debian.org/debian-lts-announce/2026/05/msg00008.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://lists.debian.org/debian-lts-announce/2026/05/msg00008.html
fixed_packages
0
url pkg:pypi/pyjwt@2.12.0
purl pkg:pypi/pyjwt@2.12.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@2.12.0
aliases CVE-2026-32597, GHSA-752w-5fwx-jx9f, PYSEC-2026-120
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gptc-c34t-g3e4
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@2.12.0