Package impact
npm / jose-node-cjs-runtime
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-28176 | medium | — | 5.5 | 2y ago | RHSA-2024:5294: jose security update (Moderate) | |||
| CVE-2022-36083 | unknown | — | — | 4y ago | JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based J… | |||
| CVE-2021-29446 | unknown | — | — | 5y ago | Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime |