All jsonwebtoken CVEs — Complete Vulnerability History
jsonwebtoken is the most widely-used npm package for creating and verifying JSON Web Tokens. Authentication libraries are high-value targets — all known CVEs are serious and relate to algorithm confusion or improper verification.
npm · 15M+ weekly downloads · 4 CVEs total · 2 CRITICAL · 🔴 CISA KEV
CVE history — all 4 known vulnerabilities
🔴 1 CVE on CISA KEV — actively exploited in real attacks
| CVE ID | Year | Severity | Description | Fix |
|---|---|---|---|---|
| CVE-2015-9235 | 2015 | CRITICAL | Algorithm confusion — none algorithm accepted | Fixed in 4.2.2 |
| CVE-2022-23539 | 2022 | MEDIUM | Insecure comparison when secret is a string | Fixed in 9.0.0 |
| CVE-2022-23540 | 2022 | 🔴 CRITICAL | Algorithm confusion — weak key accepted — CISA KEV | Fixed in 9.0.0 |
| CVE-2022-23541 | 2022 | MEDIUM | Improper handling of multiple signatures | Fixed in 9.0.0 |
Current safe version
✓ Update to 9.0.0
The latest safe version addresses all 4 known CVEs listed above.
Before and after
Vulnerable:
"jsonwebtoken": "8.5.1"
Fixed:
"jsonwebtoken": "9.0.0"
Then run: npm install
Common questions
Why does jsonwebtoken have so many algorithm confusion CVEs?
JWT algorithm confusion is a class of vulnerability that has been known since 2015. The 'none' algorithm issue (CVE-2015-9235) was the first: a token whose header carried alg: none could bypass signature verification entirely. The 2022 CVEs were new variants of the same class. The fix in 9.0.0 explicitly requires you to specify which algorithms are acceptable.
What changed in jsonwebtoken 9.0.0?
The verify() function now requires an explicit algorithms array. You can no longer omit it and have the library accept whatever algorithm the token claims. This is the single most important security change in the package's history.
How do I migrate to jsonwebtoken 9.0.0?
Add algorithms explicitly to all verify() calls: jwt.verify(token, secret, { algorithms: ['HS256'] }). Never pass the algorithm from the token header itself — always use a hardcoded list you control.
Is CVE-2022-23540 being actively exploited?
Yes — it's on the CISA KEV catalog. Algorithm confusion attacks against JWT implementations are actively used to bypass authentication in web applications. If you're on jsonwebtoken < 9.0.0, this is an urgent update.