{"url":"http://public2.vulnerablecode.io/api/packages/97433?format=json","purl":"pkg:deb/debian/golang-github-nats-io-jwt@2.8.1-1?distro=trixie","type":"deb","namespace":"debian","name":"golang-github-nats-io-jwt","version":"2.8.1-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71188?format=json","vulnerability_id":"VCID-cywt-wn2v-2khn","summary":"The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).","references":[{"reference_url":"https://advisories.nats.io/CVE/CVE-2020-26521.txt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://advisories.nats.io/CVE/CVE-2020-26521.txt"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26521","reference_id":"","reference_type":"","scores":[{"value":"0.00682","scoring_system":"epss","scoring_elements":"0.7203","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00682","scoring_system":"epss","scoring_elements":"0.72067","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00682","scoring_system":"epss","scoring_elements":"0.72042","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00682","scoring_system":"epss","scoring_elements":"0.72055","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00682","scoring_system":"epss","scoring_elements":"0.72078","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00682","scoring_system":"epss","scoring_elements":"0.72071","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26521"},{"reference_url":"https://github.com/nats-io/jwt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nats-io/jwt"},{"reference_url":"https://github.com/nats-io/jwt/pull/107","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nats-io/jwt/pull/107"},{"reference_url":"https://github.com/nats-io/jwt/security/advisories/GHSA-h2fg-54x9-5qhq","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nats-io/jwt/security/advisories/GHSA-h2fg-54x9-5qhq"},{"reference_url":"https://github.com/nats-io/nats-server/commit/9ff8bcde2e46009e98bd9e88f598af355f62c168","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nats-io/nats-server/commit/9ff8bcde2e46009e98bd9e88f598af355f62c168"},{"reference_url":"https://github.com/nats-io/nats-server/commits/master","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nats-io/nats-server/commits/master"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26521","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26521"},{"reference_url":"https://pkg.go.dev/vuln/GO-2022-0402","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2022-0402"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/11/02/2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/11/02/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988950","reference_id":"988950","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988950"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97432?format=json","purl":"pkg:deb/debian/golang-github-nats-io-jwt@2.2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-nats-io-jwt@2.2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97431?format=json","purl":"pkg:deb/debian/golang-github-nats-io-jwt@2.3.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-nats-io-jwt@2.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97434?format=json","purl":"pkg:deb/debian/golang-github-nats-io-jwt@2.7.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-nats-io-jwt@2.7.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97433?format=json","purl":"pkg:deb/debian/golang-github-nats-io-jwt@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-nats-io-jwt@2.8.1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-26521","GHSA-h2fg-54x9-5qhq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cywt-wn2v-2khn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71190?format=json","vulnerability_id":"VCID-h2bu-dnen-hybd","summary":"NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.","references":[{"reference_url":"https://advisories.nats.io/CVE/CVE-2021-3127.txt","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://advisories.nats.io/CVE/CVE-2021-3127.txt"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3127","reference_id":"","reference_type":"","scores":[{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52747","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52701","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.5276","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52766","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52748","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52722","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3127"},{"reference_url":"https://github.com/nats-io/jwt","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nats-io/jwt"},{"reference_url":"https://github.com/nats-io/jwt/commit/6c72fdd73e82fa9ebb151d84773baf4e9164c4ab","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nats-io/jwt/commit/6c72fdd73e82fa9ebb151d84773baf4e9164c4ab"},{"reference_url":"https://github.com/nats-io/jwt/pull/149","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nats-io/jwt/pull/149"},{"reference_url":"https://github.com/nats-io/jwt/security/advisories/GHSA-62mh-w5cv-p88c","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nats-io/jwt/security/advisories/GHSA-62mh-w5cv-p88c"},{"reference_url":"https://github.com/nats-io/nats-server/security/advisories/GHSA-j756-f273-xhp4","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nats-io/nats-server/security/advisories/GHSA-j756-f273-xhp4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97432?format=json","purl":"pkg:deb/debian/golang-github-nats-io-jwt@2.2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-nats-io-jwt@2.2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97431?format=json","purl":"pkg:deb/debian/golang-github-nats-io-jwt@2.3.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-nats-io-jwt@2.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97434?format=json","purl":"pkg:deb/debian/golang-github-nats-io-jwt@2.7.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-nats-io-jwt@2.7.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97433?format=json","purl":"pkg:deb/debian/golang-github-nats-io-jwt@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-nats-io-jwt@2.8.1-1%3Fdistro=trixie"}],"aliases":["CVE-2021-3127","GHSA-62mh-w5cv-p88c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h2bu-dnen-hybd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71189?format=json","vulnerability_id":"VCID-kzcp-4a79-8kd1","summary":"The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.","references":[{"reference_url":"https://advisories.nats.io/CVE/CVE-2020-26892.txt","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://advisories.nats.io/CVE/CVE-2020-26892.txt"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26892","reference_id":"","reference_type":"","scores":[{"value":"0.00554","scoring_system":"epss","scoring_elements":"0.68489","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00554","scoring_system":"epss","scoring_elements":"0.6849","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00554","scoring_system":"epss","scoring_elements":"0.68497","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00554","scoring_system":"epss","scoring_elements":"0.68475","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00554","scoring_system":"epss","scoring_elements":"0.68448","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00554","scoring_system":"epss","scoring_elements":"0.68493","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26892"},{"reference_url":"https://github.com/nats-io/jwt","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nats-io/jwt"},{"reference_url":"https://github.com/nats-io/jwt/commit/e11ce317263cef69619fc1ca743b195d02aa1d8a","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nats-io/jwt/commit/e11ce317263cef69619fc1ca743b195d02aa1d8a"},{"reference_url":"https://github.com/nats-io/jwt/security/advisories/GHSA-4w5x-x539-ppf5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nats-io/jwt/security/advisories/GHSA-4w5x-x539-ppf5"},{"reference_url":"https://github.com/nats-io/nats-server/commit/1e08b67f08e18cd844dce833a265aaa72500a12f","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nats-io/nats-server/commit/1e08b67f08e18cd844dce833a265aaa72500a12f"},{"reference_url":"https://github.com/nats-io/nats-server/commits/master","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nats-io/nats-server/commits/master"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26892","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26892"},{"reference_url":"https://pkg.go.dev/vuln/GO-2022-0380","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2022-0380"},{"reference_url":"https://www.openwall.com/lists/oss-security/2020/11/02/2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2020/11/02/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988950","reference_id":"988950","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988950"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97432?format=json","purl":"pkg:deb/debian/golang-github-nats-io-jwt@2.2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-nats-io-jwt@2.2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97431?format=json","purl":"pkg:deb/debian/golang-github-nats-io-jwt@2.3.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-nats-io-jwt@2.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97434?format=json","purl":"pkg:deb/debian/golang-github-nats-io-jwt@2.7.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-nats-io-jwt@2.7.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97433?format=json","purl":"pkg:deb/debian/golang-github-nats-io-jwt@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-nats-io-jwt@2.8.1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-26892","GHSA-4w5x-x539-ppf5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kzcp-4a79-8kd1"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-nats-io-jwt@2.8.1-1%3Fdistro=trixie"}