{"url":"http://public2.vulnerablecode.io/api/packages/995006?format=json","purl":"pkg:deb/debian/golang-github-golang-jwt-jwt@5.0.0%2Breally4.5.2-1","type":"deb","namespace":"debian","name":"golang-github-golang-jwt-jwt","version":"5.0.0+really4.5.2-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17062?format=json","vulnerability_id":"VCID-qp47-aewx-wufh","summary":"Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations\n### Summary\n\nUnclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens.\n\n### Fix\n\nWe have back-ported the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release.\n\n### Workaround \n\nWe are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running in the case detailed above.\n\n```Go\ntoken, err := /* jwt.Parse or similar */\nif token.Valid {\n\tfmt.Println(\"You look nice today\")\n} else if errors.Is(err, jwt.ErrTokenMalformed) {\n\tfmt.Println(\"That's not even a token\")\n} else if errors.Is(err, jwt.ErrTokenUnverifiable) {\n\tfmt.Println(\"We could not verify this token\")\n} else if errors.Is(err, jwt.ErrTokenSignatureInvalid) {\n\tfmt.Println(\"This token has an invalid signature\")\n} else if errors.Is(err, jwt.ErrTokenExpired) || errors.Is(err, jwt.ErrTokenNotValidYet) {\n\t// Token is either expired or not active yet\n\tfmt.Println(\"Timing is everything\")\n} else {\n\tfmt.Println(\"Couldn't handle this token:\", err)\n}\n```","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-51744.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-51744.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51744","reference_id":"","reference_type":"","scores":[{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18601","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18644","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18666","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18779","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18761","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18749","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18799","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.1885","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18897","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18892","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18841","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.1876","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18984","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.19036","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51744"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/golang-jwt/jwt","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang-jwt/jwt"},{"reference_url":"https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-05T16:11:29Z/"}],"url":"https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c"},{"reference_url":"https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-05T16:11:29Z/"}],"url":"https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51744","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51744"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086792","reference_id":"1086792","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086792"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2323735","reference_id":"2323735","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2323735"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11351","reference_id":"RHSA-2025:11351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11351"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2737","reference_id":"RHSA-2026:2737","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2737"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3406","reference_id":"RHSA-2026:3406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/995006?format=json","purl":"pkg:deb/debian/golang-github-golang-jwt-jwt@5.0.0%2Breally4.5.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-golang-jwt-jwt@5.0.0%252Breally4.5.2-1"}],"aliases":["CVE-2024-51744","GHSA-29wx-vh33-7x7r"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qp47-aewx-wufh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29174?format=json","vulnerability_id":"VCID-s5gr-zsbz-xkbe","summary":"jwt-go allows excessive memory allocation during header parsing\n### Summary\n\nFunction [`parse.ParseUnverified`](https://github.com/golang-jwt/jwt/blob/c035977d9e11c351f4c05dfeae193923cbab49ee/parser.go#L138-L139) currently splits (via a call to [strings.Split](https://pkg.go.dev/strings#Split)) its argument (which is untrusted data) on periods.\n\nAs a result, in the face of a malicious request whose _Authorization_ header consists of `Bearer ` followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: [CWE-405: Asymmetric Resource Consumption (Amplification)](https://cwe.mitre.org/data/definitions/405.html)\n\n### Details\n\nSee [`parse.ParseUnverified`](https://github.com/golang-jwt/jwt/blob/c035977d9e11c351f4c05dfeae193923cbab49ee/parser.go#L138-L139) \n\n### Impact\n\nExcessive memory allocation","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30204.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30204.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30204","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27767","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27879","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27961","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.2801","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28027","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28018","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28075","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28118","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28111","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28069","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28002","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28206","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28163","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29962","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30204"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/golang-jwt/jwt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang-jwt/jwt"},{"reference_url":"https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T14:10:18Z/"}],"url":"https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3"},{"reference_url":"https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T14:10:18Z/"}],"url":"https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb"},{"reference_url":"https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T14:10:18Z/"}],"url":"https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30204","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30204"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250404-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250404-0002"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2354195","reference_id":"2354195","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2354195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11396","reference_id":"RHSA-2025:11396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11396"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11573","reference_id":"RHSA-2025:11573","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11573"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11669","reference_id":"RHSA-2025:11669","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11749","reference_id":"RHSA-2025:11749","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11749"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13900","reference_id":"RHSA-2025:13900","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13900"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14048","reference_id":"RHSA-2025:14048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14855","reference_id":"RHSA-2025:14855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15332","reference_id":"RHSA-2025:15332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15673","reference_id":"RHSA-2025:15673","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15673"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15872","reference_id":"RHSA-2025:15872","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16101","reference_id":"RHSA-2025:16101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16595","reference_id":"RHSA-2025:16595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17671","reference_id":"RHSA-2025:17671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18241","reference_id":"RHSA-2025:18241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18242","reference_id":"RHSA-2025:18242","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18242"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23057","reference_id":"RHSA-2025:23057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23534","reference_id":"RHSA-2025:23534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23535","reference_id":"RHSA-2025:23535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23916","reference_id":"RHSA-2025:23916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3344","reference_id":"RHSA-2025:3344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3411","reference_id":"RHSA-2025:3411","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3503","reference_id":"RHSA-2025:3503","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3503"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3565","reference_id":"RHSA-2025:3565","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3565"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3569","reference_id":"RHSA-2025:3569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3607","reference_id":"RHSA-2025:3607","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3607"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3616","reference_id":"RHSA-2025:3616","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3616"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3618","reference_id":"RHSA-2025:3618","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3618"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3698","reference_id":"RHSA-2025:3698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3740","reference_id":"RHSA-2025:3740","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3743","reference_id":"RHSA-2025:3743","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3743"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3775","reference_id":"RHSA-2025:3775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3790","reference_id":"RHSA-2025:3790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3808","reference_id":"RHSA-2025:3808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3808"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3811","reference_id":"RHSA-2025:3811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3811"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3813","reference_id":"RHSA-2025:3813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3814","reference_id":"RHSA-2025:3814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3814"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3820","reference_id":"RHSA-2025:3820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3905","reference_id":"RHSA-2025:3905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3906","reference_id":"RHSA-2025:3906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3907","reference_id":"RHSA-2025:3907","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3907"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3928","reference_id":"RHSA-2025:3928","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3928"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3929","reference_id":"RHSA-2025:3929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3930","reference_id":"RHSA-2025:3930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3993","reference_id":"RHSA-2025:3993","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3993"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4008","reference_id":"RHSA-2025:4008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4008"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4012","reference_id":"RHSA-2025:4012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4019","reference_id":"RHSA-2025:4019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4171","reference_id":"RHSA-2025:4171","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4171"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4177","reference_id":"RHSA-2025:4177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4188","reference_id":"RHSA-2025:4188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4204","reference_id":"RHSA-2025:4204","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4204"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4250","reference_id":"RHSA-2025:4250","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4250"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4409","reference_id":"RHSA-2025:4409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4422","reference_id":"RHSA-2025:4422","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4422"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4462","reference_id":"RHSA-2025:4462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4473","reference_id":"RHSA-2025:4473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4502","reference_id":"RHSA-2025:4502","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4502"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4569","reference_id":"RHSA-2025:4569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4666","reference_id":"RHSA-2025:4666","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4666"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4669","reference_id":"RHSA-2025:4669","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4677","reference_id":"RHSA-2025:4677","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4677"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4810","reference_id":"RHSA-2025:4810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7404","reference_id":"RHSA-2025:7404","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7404"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7407","reference_id":"RHSA-2025:7407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7425","reference_id":"RHSA-2025:7425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7425"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7475","reference_id":"RHSA-2025:7475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7479","reference_id":"RHSA-2025:7479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7503","reference_id":"RHSA-2025:7503","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7503"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7702","reference_id":"RHSA-2025:7702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7967","reference_id":"RHSA-2025:7967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7967"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8075","reference_id":"RHSA-2025:8075","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8075"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8244","reference_id":"RHSA-2025:8244","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8244"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8267","reference_id":"RHSA-2025:8267","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8384","reference_id":"RHSA-2025:8384","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8384"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8390","reference_id":"RHSA-2025:8390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8390"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8392","reference_id":"RHSA-2025:8392","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8392"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8510","reference_id":"RHSA-2025:8510","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8510"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8542","reference_id":"RHSA-2025:8542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8552","reference_id":"RHSA-2025:8552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8560","reference_id":"RHSA-2025:8560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8691","reference_id":"RHSA-2025:8691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9167","reference_id":"RHSA-2025:9167","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9167"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9259","reference_id":"RHSA-2025:9259","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9259"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9388","reference_id":"RHSA-2025:9388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9388"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9541","reference_id":"RHSA-2025:9541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9646","reference_id":"RHSA-2025:9646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2155","reference_id":"RHSA-2026:2155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2164","reference_id":"RHSA-2026:2164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2172","reference_id":"RHSA-2026:2172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2172"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3718","reference_id":"RHSA-2026:3718","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3718"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/995006?format=json","purl":"pkg:deb/debian/golang-github-golang-jwt-jwt@5.0.0%2Breally4.5.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-golang-jwt-jwt@5.0.0%252Breally4.5.2-1"}],"aliases":["CVE-2025-30204","GHSA-mh63-6h87-95cp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s5gr-zsbz-xkbe"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-golang-jwt-jwt@5.0.0%252Breally4.5.2-1"}