VYPR

Python Jose

by Python Jose Project

Source repositories

CVEs (2)

  • CVE-2016-7036CriJan 23, 2017
    risk 0.57cvss 9.8epss 0.02

    python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.

  • CVE-2025-61152MedOct 10, 2025
    risk 0.42cvss 6.5epss 0.00

    python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims (e.g., is_admin=true) and bypass authentication checks, leading to privilege…

VYPR — Vulnerability Intelligence