jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
>=0 <9.0.0
jsonwebtoken unrestricted key type could lead to legacy keys usage
>=0 <9.0.0
jsonwebtoken has insecure input validation in jwt.verify function
>=0 <9.0.0
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
>=0 <9.0.0
Verification Bypass in jsonwebtoken
>=0 <4.2.2