Security: nearform/fast-jwt
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
- Incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key (GHSA-mvf2-f6gm-w987), published Apr 2, 2026 by antoatta85, severity: Critical
- Security Report: fast-jwt accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation) (GHSA-hm7r-c7qw-ghp6), published Apr 2, 2026 by antoatta85, severity: High
- Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup) (GHSA-rp9m-7r4c-75qg), published Apr 2, 2026 by antoatta85, severity: Critical
- Addendum: Stateful RegExp (/g or /y) causes non-deterministic allowed-claim validation (logical DoS) (GHSA-3j8v-cgw4-2g6q), published Apr 9, 2026 by antoatta85, severity: Moderate
- ReDoS in fast-jwt when using RegExp in allowed* leading to CPU exhaustion during token verification (GHSA-cjw9-ghj4-fwxf), published Apr 9, 2026 by antoatta85, severity: Moderate
- JWT improper iss claim validation (GHSA-gm45-q3v2-6cf8), published Mar 19, 2025 by simoneb, severity: Moderate
- JWT Algorithm Confusion (GHSA-c2ff-88x2-x9pg), published Nov 20, 2023 by simoneb, severity: Moderate