GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4 advisories
fast-jwt: JWT auth bypass due to empty HMAC secret accepted by async key resolver
Critical
CVE-2026-44351
was published
for
fast-jwt
(npm)
May 6, 2026
fast-jwt has a ReDoS when using RegExp in allowed* leading to CPU exhaustion during token verification
Moderate
CVE-2026-35041
was published
for
fast-jwt
(npm)
Apr 9, 2026
fast-jwt: Stateful RegExp (/g or /y) causes non-deterministic allowed-claim validation (logical DoS)
Moderate
CVE-2026-35040
was published
for
fast-jwt
(npm)
Apr 9, 2026
fast-jwt: Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup)
Critical
CVE-2026-35039
was published
for
fast-jwt
(npm)
Apr 3, 2026
ProTip!
Advisories are also available from the
GraphQL API