Severity: High. CVE-2022-23539
jsonwebtoken unrestricted key type could lead to legacy keys usage
Overview

Versions <= 8.5.1 of the jsonwebtoken library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm.

Am I affected?

You are affected if you are using an algorithm and a key type other than the combinations mentioned below.

| Key type | Algorithm |
|----------|-----------|
| ec | ES256, ES384, ES512 |
Tags: OWASP A02, OWASP Web