HIGH 7.4 PyPI
GHSA-6c5p-j8vq-pqhj · CVE-2024-33663, PYSEC-2024-232 python-jose algorithm confusion with OpenSSH ECDSA keys
Modified: 5/11/2026
package
PyPI / python-jose
pkg:pypi/python-jose
MEDIUM 5.3 PyPI
GHSA-cjwg-qfpm-7377 · CVE-2024-33664, PYSEC-2024-233 python-jose denial of service via compressed JWE content
Modified: 5/11/2026
CRITICAL 9.8 PyPI
GHSA-w799-prg3-cx77 · CVE-2016-7036, PYSEC-2017-28 python-jose failure to use a constant time comparison for HMAC keys
Modified: 10/16/2024
— PyPI
PYSEC-2017-28 · CVE-2016-7036, GHSA-w799-prg3-cx77 Modified: 6/10/2026
— PyPI
PYSEC-2024-232 · CVE-2024-33663, GHSA-6c5p-j8vq-pqhj Modified: 6/10/2026
— PyPI
PYSEC-2024-233 · CVE-2024-33664, GHSA-cjwg-qfpm-7377 Modified: 6/10/2026
MEDIUM 5.3 PyPI
PYSEC-2025-185 · CVE-2024-29370, GHSA-h4pw-wxh7-4vjj Modified: 6/10/2026