Is github.com/lestrrat-go/jwx/v2 safe to use?

github.com/lestrrat-go/jwx/v2 has 1 known vulnerabilities on the latest version (v2.1.6). DepScope rates its health at 58/100 (high risk).

What is the latest version of github.com/lestrrat-go/jwx/v2?

The latest version of github.com/lestrrat-go/jwx/v2 is v2.1.6, released 2025-04-29.

Does github.com/lestrrat-go/jwx/v2 have known vulnerabilities?

Yes. github.com/lestrrat-go/jwx/v2 has 1 known vulnerabilities. See depscope.dev/pkg/go/github.com/lestrrat-go/jwx/v2 for details.

Is github.com/lestrrat-go/jwx/v2 deprecated?

No, github.com/lestrrat-go/jwx/v2 is actively maintained. Latest release: v2.1.6 (2025-04-29).

What are alternatives to github.com/lestrrat-go/jwx/v2?

DepScope has no curated alternatives for github.com/lestrrat-go/jwx/v2 at this time.

What license does github.com/lestrrat-go/jwx/v2 use?

github.com/lestrrat-go/jwx/v2 is licensed under MIT.

github.com/lestrrat-go/jwx/v2

govv2.1.6

Complete implementation of JWx (Javascript Object Signing and Encryption/JOSE) technologies for Go. #golang #jwt #jws #jwk #jwe

License MITpermissive32 versions73 maintainers0 deps2,370 weekly dl

lestrrat-go/jwx/v2

/ 100

Health

safe to use

github.com/lestrrat-go/jwx/[email protected] is safe to use (health: 58/100)

Update to >= 2.0.11-0.20230614080639-c8b6bec919a1 to fix known vulnerabilities

Health breakdown0 – 100

5/25

maintenance

6/20

popularity

25/25

security

12/15

maturity

10/15

community

Vulnerabilities

1 low

Advisories (1)

Severity	ID	Summary	Fixed in
unknown	GHSA-rm8v-mxj3-5rmq	Padding oracle vulnerability in github.com/lestrrat-go/jwx	2.0.11-0.20230614080639-c8b6bec919a1

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/go/github.com/lestrrat-go/jwx/v2

Last updated · 2025-04-29T08:17:11Z