Every CVE whose affected-product data names Auth0 Jsonwebtoken, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2015-9235 — CVSS 9.8 (critical): In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an…
CVE-2022-23540 — CVSS 6.4 (medium): In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature…
CVE-2022-23539 — CVSS 5.9 (medium): Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification…
CVE-2022-23541 — CVSS 5.0 (medium): jsonwebtoken is an implementation of JSON Web Tokens. Versions `<= 8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a…