VYPR

PyPI package

joserfc

pkg:pypi/joserfc

Vulnerabilities (2)

  • CVE-2026-27932 (Mar 3, 2026)
    affected < 1.6.3; fixed 1.6.3

    joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service (DoS) via CPU exhaustio

  • CVE-2025-65015 (Nov 18, 2025)
    affected >= 1.3.3, < 1.3.5; fixed 1.3.5

    joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token part