{"package":"github.com/golang-jwt/jwt","ecosystem":"go","latest_version":"v3.2.2+incompatible","description":"Go implementation of JSON Web Tokens (JWT).","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pkg.go.dev/github.com/golang-jwt/jwt","repository":"https://github.com/golang-jwt/jwt","downloads_weekly":9046,"health":{"score":45,"risk":"high","breakdown":{"maintenance":0,"popularity":6,"security":20,"maturity":9,"community":10},"deprecated":false,"max_score":100},"vulnerabilities":{"count":2,"critical":0,"high":1,"medium":0,"low":1,"details":[{"vuln_id":"CVE-2025-30204","severity":"high","summary":"jwt-go allows excessive memory allocation during header parsing","affected_versions":">=5.0.0-rc.1,<5.2.2|<4.5.2|>=3.2.0,<=3.2.2","fixed_version":"4.5.2","source":"osv","published_at":"2025-03-21T22:04:00Z","in_kev":false,"epss_prob":0.00113,"epss_percentile":0.29493,"threat_tier":"theoretical"},{"vuln_id":"CVE-2025-30204","severity":"unknown","summary":"Excessive memory allocation during header parsing in github.com/golang-jwt/jwt","affected_versions":"<4.5.2|>=5.0.0-rc.1,<5.2.2","fixed_version":"5.2.2","source":"osv","published_at":"2025-03-26T17:24:24Z","in_kev":false,"epss_prob":0.00113,"epss_percentile":0.29493,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v3.2.2+incompatible","total_count":16,"recent":["v1.0.2","v3.2.1+incompatible","v2.6.0+incompatible","v1.0.0","v2.5.0+incompatible","v2.1.0+incompatible","v3.2.2+incompatible","v2.0.0+incompatible","v2.3.0+incompatible","v2.4.0+incompatible","v3.0.0+incompatible","v2.2.0+incompatible","v3.1.0+incompatible","v3.2.0+incompatible","v2.7.0+incompatible","v1.0.1"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":120,"first_published":null,"last_published":"2021-07-30T20:54:04Z","dependencies_count":0,"dependencies":[]},"github_stats":{"stars":9056,"forks":426,"open_issues":42,"is_archived":false,"pushed_at":"2026-05-01T10:36:02Z","subscribers_count":36},"bundle":null,"typescript":null,"known_issues":{"bugs_count":1,"bugs_severity":{"medium":1},"status_breakdown":{"fixed":1},"link":"/api/bugs/go/github.com/golang-jwt/jwt?version=v3.2.2+incompatible","scope":"version","details":[{"title":"Excessive memory allocation during header parsing in github.com/golang-jwt/jwt","severity":"medium","status":"fixed","affected_version":null,"fixed_version":"4.5.2","url":"https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp"}]},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["1 high severity vulnerabilities"],"use_version":"v3.2.2+incompatible","version_hint":"Update to >= 5.2.2 to fix known vulnerabilities","summary":"github.com/golang-jwt/jwt@v3.2.2+incompatible has vulnerabilities — update to latest","alternatives":[{"name":"github.com/golang-jwt/jwt/v5","reason":"jwt v4 is superseded - v5 is the current major","builtin":false}]},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":765,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":6,"active_contributors_12m":11,"primary_author_ratio":0.41379310344827586,"owner_account_age_days":1803,"is_archived":false,"stars":9036,"alerts":[]},"malicious":{"is_malicious":false},"scorecard":{"available":true,"score":6.5,"tier":"moderate"},"quality":{"available":false},"alternatives_link":{"url":"/api/alternatives/go/github.com/golang-jwt/jwt","count":1},"co_used_with":[{"package":"JuicyPixels","occurrences":6},{"package":"ohai","occurrences":6},{"package":"@subsquid/util-internal","occurrences":1},{"package":"yarn","occurrences":1}],"version_history_summary":{"total_versions":16,"first_release_age_days":4338,"last_release_days_ago":1736,"avg_days_between_releases":289,"release_velocity":"stale"}}