Filtered by vendor Google
Subscriptions
Filtered by product Firebase Php-jwt
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-45769 | 1 Google | 1 Firebase Php-jwt | 2025-08-15 | 7.3 High |
| php-jwt v6.11.0 was discovered to contain weak encryption. | ||||
| CVE-2021-46743 | 1 Google | 1 Firebase Php-jwt | 2024-11-21 | 9.1 Critical |
| In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way to use the PHP-JWT library unsafely, but might not be considered a vulnerability in the library itself. | ||||
Page 1 of 1.