CVE-2025-45768

PYSEC-2025-183 · CVE-2025-45768

Published Jul 31, 2025 · Modified May 21, 2026

Description

pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement).

References

WEB https://github.com/jpadilla
REPORT https://gist.github.com/ZupeiNie/6f65e564f2067b876321d3dfdbb76569
PACKAGE https://github.com/jpadilla/pyjwt

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes