VYPR

npm package

jws

pkg:npm/jws

Vulnerabilities (2)

  • CVE-2025-65945Dec 4, 2025
    affected < 3.2.3fixed 3.2.3

    auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they us

  • CVE-2016-1000223higSep 1, 2020
    affected < 3.0.0fixed 3.0.0

    Affected versions of the `jws` package allow users to select what algorithm the server will use to verify a provided JWT. A malicious actor can use this behaviour to arbitrarily modify the contents of a JWT while still passing verification. For the common use case of the JWT as a