PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed

High severity • GitHub Reviewed • Published May 21, 2026 in jpadilla/pyjwt • Updated Jun 15, 2026
