CVE-2025-45768

ADVISORY - nist

Summary

pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement).

EPSS Score⁠: 0.00066 (0.204)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-311⁠

Missing Encryption of Sensitive Data

ADVISORY - redhat

CWE-311⁠

Missing Encryption of Sensitive Data

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.