VYPR
Vendor

Panva

Products
3
CVEs
7
Across products
7
Status
Private

Products

3

Recent CVEs

7
  • CVE-2025-45767HigAug 1, 2025
    risk 0.46cvss 7.0epss 0.00

    jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not meet recommended security standards" does not reflect guidance in a final publication.

  • CVE-2021-29446MedApr 16, 2021
    risk 0.38cvss 5.9epss 0.01

    jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if…

  • CVE-2021-29445MedApr 16, 2021
    risk 0.38cvss 5.9epss 0.01

    jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if…

  • CVE-2021-29444MedApr 16, 2021
    risk 0.38cvss 5.9epss 0.01

    jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if…

  • CVE-2021-29443MedApr 16, 2021
    risk 0.38cvss 5.9epss 0.01

    jose is an npm library providing a number of cryptographic operations. In vulnerable versions AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed…

  • CVE-2022-36083MedSep 7, 2022
    risk 0.28cvss 5.3epss 0.01

    JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named `p2c` PBES2…

  • CVE-2024-28176MedMar 9, 2024
    risk 0.25cvss 4.9epss 0.02

    jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web…