jpadilla/pyjwt vulnerabilities
2 known vulnerabilities affecting jpadilla/pyjwt.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2
Vulnerabilities
CVE-2026-32597 | HIGH | CVSS 7.5 | CWE-345 | fixed in 2.12.0 | 2026-03-13
PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. Th
Source: nvd
CVE-2024-53861 | HIGH | CVSS 7.5 | CWE-697 | v= 2.10.0 | 2024-11-29
pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for `iss` checking, resulting in `"acb"` being accepted for `"_abc_"`. This is a bug introduced in version 2.10.0: checking the "iss" claim changed from `isinstance(issuer, list)` to `isinstance(issuer, Sequence)`. Since str is a Sequence, but not a list, `in` is a
Source: nvd