Ecosyste.ms: Packages

An open API service providing package, version and dependency metadata of many open source software ecosystems and registries.

Top 1.4% on pypi.org
Top 0.3% downloads on pypi.org
Top 0.2% dependent packages on pypi.org
Top 0.3% dependent repos on pypi.org
Top 4.4% forks on pypi.org
Top 0.1% docker downloads on pypi.org

pypi.org : jwcrypto

Implementation of JOSE Web standards

Registry - Source - Documentation - JSON
purl: pkg:pypi/jwcrypto
License: LGPL-3.0+
Latest release: 3 months ago
First release: almost 9 years ago
Dependent packages: 86
Dependent repositories: 1,962
Downloads: 1,979,968 last month
Stars: 413 on GitHub
Forks: 116 on GitHub
Docker dependents: 227
Docker downloads: 837,267,574
Total Commits: 303
Committers: 41
Average commits per author: 7.39
Development Distribution Score (DDS): 0.254
More commit stats: commits.ecosyste.ms
See more repository details: repos.ecosyste.ms
Last synced: 7 days ago

Moderate
GSA_kwCzR0hTQS1jdzJyLTRwODItcXY3Oc4AA4Dz
DoS with algorithms that use PBKDF2 due to unbounded PBES2 Count value
Ecosystems: pypi
Packages: jwcrypto
Source: github
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS13ZzMzLXg5MzQtM2doaM4AAc86
jwcrypto lacks the Random Filling protection mechanism
Ecosystems: pypi
Packages: jwcrypto
Source: github
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nd3A0LW1jdjQtdzk1as4AAu95
jwcrypto token substitution can lead to authentication bypass
Ecosystems: pypi
Packages: jwcrypto
Source: github
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qODU3LTdydnYtdmo5N84AA5zv
JWCrypto vulnerable to JWT bomb Attack in `deserialize` function
Ecosystems: pypi
Packages: jwcrypto
Source: github
Published: 3 months ago