Search CVE reports

Toggle filters

1 – 3 of 3 results

CVE-2025-45767

Medium priority
Needs evaluation

jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of “do not meet recommended security standards” does not reflect guidance in a final publication.

1 affected package

node-jose

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
node-jose Needs evaluation Needs evaluation
Show less packages

CVE-2024-28176

Medium priority
Needs evaluation

jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more....

1 affected package

node-jose

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
node-jose Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2022-36083

Medium priority
Vulnerable

JOSE is “JSON Web Almost Everything” - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime’s native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms...

2 affected packages

jose, node-jose

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jose Needs evaluation Not affected Not affected Not affected
node-jose Not affected Vulnerable Not in release Not in release
Show less packages