VYPR

apk package

chainguard/py3-pyjwt

pkg:apk/chainguard/py3-pyjwt

Vulnerabilities (2)

  • CVE-2025-45768Jul 31, 2025
    affected < 0fixed 0

    pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcemen

  • CVE-2024-53861Nov 29, 2024
    affected < 2.10.1-r0fixed 2.10.1-r0

    pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for `iss` checking, resulting in `"acb"` being accepted for `"_abc_"`. This is a bug introduced in version 2.10.0: checking the "iss" claim changed from `isinstance(issuer, list)` to `isinst