Google Firebase Php-jwt — known CVE vulnerabilities
Every CVE whose affected-product data names Google Firebase Php-jwt, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2021-46743 — CVSS 9.1 (critical): In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple…
CVE-2025-45769 — CVSS 6.5 (medium): php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to…