Perryts Perry vulnerabilities
2 known vulnerabilities affecting perryts/perry.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2026-53776P2CRITICALCVSS 9.1fixed in 0.5.11662026-06-16
CVE-2026-53776 [CRITICAL] CWE-613 CVE-2026-53776: Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass
Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration by exploiting the unconditional setting of validate_exp = false in the verify_decode helper within the stdlib JWT verification path. Attackers in possession of a previously issued bearer token can present expired tokens to any jwt.
nvd
CVE-2026-53777P3HIGHCVSS 8.1fixed in 0.5.11592026-06-11
CVE-2026-53777 [HIGH] CWE-22 CVE-2026-53777: Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server t
Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifact_name field of ArtifactReady WebSocket messages. Attackers controlling the server URL can deliver traversal payloads through
nvd