github.com/lestrrat-go/jwx
govv1.2.31Complete implementation of JWx (Javascript Object Signing and Encryption/JOSE) technologies for Go. #golang #jwt #jws #jwk #jwe
License MITpermissive55 versions73 maintainers0 deps2,362 weekly dl
lestrrat-go/jwx52
/ 100
Health
safe to use
github.com/lestrrat-go/[email protected] is safe to use (health: 52/100)
Update to >= 2.0.21 to fix known vulnerabilities
Health breakdown0 – 100
5/25
maintenance
6/20
popularity
21/25
security
15/15
maturity
5/15
community
Vulnerabilities
6
2 medium4 low
Advisories (6)
| Severity | ID | Summary | Fixed in |
|---|---|---|---|
| medium | CVE-2023-49290 | lestrrat-go/jwx's malicious parameters in JWE can cause a DOS | 2.0.18 |
| medium | CVE-2024-21664 | Parsing JSON serialized payload without protected field can lead to segfault | 2.0.19 |
| unknown | GHSA-rm8v-mxj3-5rmq | Padding oracle vulnerability in github.com/lestrrat-go/jwx | 2.0.11-0.20230614080639-c8b6bec919a1 |
| unknown | CVE-2023-49290 | Denial of service due to malicious parameters in github.com/lestrrat-go/jwx | 2.0.18 |
| unknown | CVE-2024-21664 | Panic due to nil pointer dereference in github.com/lestrrat-go/jwx/v2 | 2.0.19 |
| unknown | CVE-2024-28122 | JWX vulnerable to a denial of service attack using compressed JWE message in github.com/lestrrat-go/jwx | 2.0.21 |
Health History
Dependency Tree
License Audit
API access
Get this data programmatically — free, no authentication.
curl https://depscope.dev/api/check/go/github.com/lestrrat-go/jwxLast updated · 2025-04-09T10:38:17Z