{"package":"github.com/lestrrat-go/jwx","ecosystem":"go","latest_version":"v1.2.31","description":"Complete implementation of JWx (Javascript Object Signing and Encryption/JOSE) technologies for Go. #golang #jwt #jws #jwk #jwe","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pkg.go.dev/github.com/lestrrat-go/jwx","repository":"https://github.com/lestrrat-go/jwx","downloads_weekly":2362,"health":{"score":52,"risk":"high","breakdown":{"maintenance":5,"popularity":6,"security":21,"maturity":15,"community":5},"deprecated":false,"max_score":100},"vulnerabilities":{"count":6,"critical":0,"high":0,"medium":2,"low":4,"details":[{"vuln_id":"CVE-2023-49290","severity":"medium","summary":"lestrrat-go/jwx's malicious parameters in JWE can cause a DOS","affected_versions":"<1.2.27|<2.0.18","fixed_version":"2.0.18","source":"osv","published_at":"2023-12-05T23:29:26Z","in_kev":false,"epss_prob":0.00183,"epss_percentile":0.39694,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-21664","severity":"medium","summary":"Parsing JSON serialized payload without protected field can lead to segfault","affected_versions":">=1.0.8,<1.2.28|<2.0.19","fixed_version":"2.0.19","source":"osv","published_at":"2024-01-09T16:18:48Z","in_kev":false,"epss_prob":0.00178,"epss_percentile":0.39049,"threat_tier":"theoretical"},{"vuln_id":"GHSA-rm8v-mxj3-5rmq","severity":"unknown","summary":"Padding oracle vulnerability in github.com/lestrrat-go/jwx","affected_versions":"<1.2.26|<2.0.11-0.20230614080639-c8b6bec919a1","fixed_version":"2.0.11-0.20230614080639-c8b6bec919a1","source":"osv","published_at":"2023-06-22T16:36:11Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"CVE-2023-49290","severity":"unknown","summary":"Denial of service due to malicious parameters in 
github.com/lestrrat-go/jwx","affected_versions":"<1.2.27|<2.0.18","fixed_version":"2.0.18","source":"osv","published_at":"2023-12-11T15:08:59Z","in_kev":false,"epss_prob":0.00183,"epss_percentile":0.39694,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-21664","severity":"unknown","summary":"Panic due to nil pointer dereference in github.com/lestrrat-go/jwx/v2","affected_versions":">=1.0.8,<1.2.28|<2.0.19","fixed_version":"2.0.19","source":"osv","published_at":"2024-01-23T18:01:33Z","in_kev":false,"epss_prob":0.00178,"epss_percentile":0.39049,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-28122","severity":"unknown","summary":"JWX vulnerable to a denial of service attack using compressed JWE message in github.com/lestrrat-go/jwx","affected_versions":"<1.2.29|<2.0.21","fixed_version":"2.0.21","source":"osv","published_at":"2024-05-20T19:46:23Z","in_kev":false,"epss_prob":0.0015,"epss_percentile":0.35213,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v1.2.31","total_count":55,"recent":["v1.0.4","v1.2.31","v1.1.5","v1.1.4","v0.9.1","v1.2.0","v1.2.9","v1.2.2","v1.2.22","v1.2.13","v1.2.17","v1.0.1","v1.2.11","v1.1.0","v1.0.7","v1.1.7","v1.2.27","v1.2.30","v1.2.24","v1.2.25"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":73,"first_published":null,"last_published":"2025-04-09T10:38:17Z","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"v1.2.31","version_hint":"Update to >= 1.2.29 (v1 line) or >= 2.0.21 (v2 line) to fix known vulnerabilities","summary":"github.com/lestrrat-go/jwx@v1.2.31 is safe to use (health: 52/100)"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI 
agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":2537,"last_release_days_ago":386,"avg_days_between_releases":134,"release_velocity":"stale"}}