| CVE-2026-32597 |
high |
7.5 |
7.5 |
|
|
|
3mo ago |
RHSA-2026:12176: fence-agents security update (Important) |
| CVE-2017-11424 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed becau… |
| CVE-2026-48526 |
high |
7.4 |
7.4 |
|
|
|
7d ago |
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate… |
| CVE-2026-48523 |
medium |
5.4 |
5.4 |
|
|
|
7d ago |
PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode() or jwt.decode_complete() are called with a PyJWK key. … |
| CVE-2026-48525 |
medium |
5.3 |
5.3 |
|
|
|
7d ago |
PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option ("b64": false, RFC 7797), PyJWT performs Base64URL deco… |
| CVE-2026-48522 |
medium |
4.2 |
4.2 |
|
|
|
7d ago |
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen() which uses Python stdlib's default OpenerDirector registe… |
| CVE-2026-48524 |
low |
3.7 |
3.7 |
|
|
|
7d ago |
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key() forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no ra… |
