jsonwebtoken

9.0.0Last updated on Dec 21, 2022
JSON Web Token implementation (symmetric and asymmetric)

Used on 70 websites

Top usage distribution

66
8.5.0
66
8.5.1
4
8.2.1
4
8.2.2
4
8.4.0
3
8.2.0
3
8.3.0
1
5.5.0

Vulnerabilities

jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
>=0 <9.0.0
jsonwebtoken unrestricted key type could lead to legacy keys usage
>=0 <9.0.0
jsonwebtoken has insecure input validation in jwt.verify function
>=0 <9.0.0
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
>=0 <9.0.0
Verification Bypass in jsonwebtoken
>=0 <4.2.2

Versions

Sort by
9.0.0 Dec 21, 2022
1Website
42 KBUnpacked size
15Modules
8.5.1 Mar 18, 2019
66Websites
72 KBUnpacked size
13Modules
8.5.0 Feb 20, 2019
66Websites
71 KBUnpacked size
13Modules
8.4.0 Nov 14, 2018
4Websites
68 KBUnpacked size
12Modules
8.3.0 Jun 11, 2018
3Websites
60 KBUnpacked size
12Modules