Launch Week Day 1: Announcing Security Design Review
Start for Free
npm

fast-jwt

View on npm registry
8 Total advisories
8 Vulnerabilities
0 Malware

Vulnerabilities

CRITICAL 9.1
npm

CVE-2026-44351

fast-jwt: JWT auth bypass due to empty HMAC secret accepted by async key resolver
MEDIUM 4.2
npm

CVE-2026-35041

fast-jwt has a ReDoS when using RegExp in allowed* leading to CPU exhaustion during token verification
MEDIUM 5.3
npm

CVE-2026-35040

fast-jwt: Stateful RegExp (/g or /y) causes non-deterministic allowed-claim validation (logical DoS)
CRITICAL 9.1
npm

CVE-2026-35039

fast-jwt: Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup)
CRITICAL 9.1
npm

CVE-2026-34950

fast-jwt: Incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key
HIGH 7.5
npm

CVE-2026-35042

fast-jwt accepts unknown `crit` header extensions (RFC 7515 violation)
MEDIUM 6.5
npm

CVE-2025-30144

Fast-JWT Improperly Validates iss Claims
MEDIUM 5.9
npm

CVE-2023-48223

JWT Algorithm Confusion

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes