Security

Report a vulnerability

SECURITY.md

Security Policy

Supported Versions

Version	Supported
1.5.1+	✅
< 1.5.1	❌

Reporting a Vulnerability

Please use the GitHub feature to report security vulnerabilities.

Expect a response within 2 business days (not on week ends or holidays).

If the vulnerbaility is confirmed and accepted you will be given instruction on any embargo or disclosure timeline.

JWT bomb Attack in `deserialize` function
GHSA-j857-7rvv-vj97 published Mar 6, 2024 by simo5

Moderate
DoS with algorithms that use PBKDF2 due to unbounded PBES2 Count value
GHSA-cw2r-4p82-qv79 published Dec 26, 2023 by simo5

Moderate
Token substitution can lead to authentication bypass
GHSA-gwp4-mcv4-w95j published Sep 19, 2022 by simo5

Moderate

Learn more about advisories related to latchset/jwcrypto in the GitHub Advisory Database