VYPR

crates.io package

jsonwebtoken

pkg:cargo/jsonwebtoken

Vulnerabilities (1)

  • CVE-2026-25537Feb 4, 2026
    affected < 10.3.0fixed 10.3.0

    jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim (such as nbf or exp) is provided with an incorrect JSON type (Like a String instead of a Number)