jose vulnerabilities

JWA, JWS, JWE, JWT, JWK, JWKS for Node.js, Browser, Cloudflare Workers, Deno, Bun, and other Web-interoperable runtimes

  • latest version

    6.1.0

  • latest non vulnerable version

  • first published

    11 years ago

  • latest version published

    20 hours ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the jose package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Resource Exhaustion

    <2.0.7>=3.0.0 <4.15.5
    • M
    Denial of Service (DoS)

    <1.28.2>=2.0.0 <2.0.6>=3.0.0 <3.20.4>=4.0.0 <4.9.2
    • M
    Timing Attack

    <1.28.1>=2.0.0 <2.0.5>=3.0.0 <3.11.4

    Package versions

    100 VERSIONS IN TOTAL See all versions
    versionpublisheddirect vulnerabilities
    6.1.027 Aug, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    6.0.1321 Aug, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    6.0.1215 Jul, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    6.0.115 May, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    6.0.1012 Mar, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    6.0.911 Mar, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    6.0.826 Feb, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    6.0.725 Feb, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    6.0.623 Feb, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    6.0.523 Feb, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L