{"id":364117,"url":"https://bitbucket.org/connect2id/nimbus-jose-jwt","last_synced_at":"2026-06-20T14:30:47.304Z","repository":{"id":61593644,"uuid":"{90cd478b-ba58-44d2-9d68-ecbae0204b88}","full_name":"connect2id/nimbus-jose-jwt","owner":"connect2id","description":"Java library for Javascript Object Signing and Encryption (JOSE) and JSON Web Tokens (JWT)","archived":null,"fork":false,"pushed_at":null,"size":12789,"stargazers_count":null,"open_issues_count":null,"forks_count":null,"subscribers_count":null,"default_branch":"master","last_synced_at":"2023-05-17T00:37:19.298Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://connect2id.com/products/nimbus-jose-jwt","language":"java","has_issues":true,"has_wiki":true,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":null,"icon_url":"https://bitbucket.org/connect2id/nimbus-jose-jwt/avatar/","metadata":{},"created_at":"2012-09-14T12:48:34.290Z","updated_at":"2023-04-22T14:33:30.353Z","dependencies_parsed_at":"2022-10-19T16:00:46.098Z","dependency_job_id":null,"html_url":"https://bitbucket.org/connect2id/nimbus-jose-jwt","commit_stats":null,"previous_names":[],"tags_count":11,"template":null,"template_full_name":null,"purl":"pkg:bitbucket/connect2id/nimbus-jose-jwt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/Bitbucket.org/repositories/connect2id%2Fnimbus-jose-jwt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/Bitbucket.org/repositories/connect2id%2Fnimbus-jose-jwt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/Bitbucket.org/repositories/connect2id%2Fnimbus-jose-jwt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/Bitbucket.org/repositories/connect2id%2Fnimbus-jose-jwt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/Bitbucket.org/owners/connect2id","download_url":"https://bitbucket.org/connect2id/nimbus-jose-jwt/get/master.zip","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/Bitbucket.org/repositories/connect2id%2Fnimbus-jose-jwt/sbom","scorecard":null,"host":{"name":"Bitbucket.org","url":"https://bitbucket.org","kind":"bitbucket","repositories_count":1704869,"owners_count":0,"icon_url":"https://github.com/atlassian.png","version":null,"created_at":"2022-05-30T11:31:42.608Z","updated_at":"2022-08-01T09:46:20.820Z","status":"online","status_checked_at":"2026-04-17T02:00:07.441Z","response_time":90,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.532Z","robots_txt_url":"https://bitbucket.org/robots.txt","online":true,"can_crawl_api":false,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/Bitbucket.org","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/Bitbucket.org/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/Bitbucket.org/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/Bitbucket.org/owners"}},"owner":null,"packages":[{"id":5112464,"name":"com.nimbusds:nimbus-jose-jwt","ecosystem":"maven","description":"Java library for Javascript Object Signing and Encryption (JOSE) and JSON Web Tokens (JWT)","homepage":"https://bitbucket.org/connect2id/nimbus-jose-jwt","licenses":"The Apache Software License, Version 2.0","normalized_licenses":["Apache-2.0"],"repository_url":"https://bitbucket.org/connect2id/nimbus-jose-jwt","keywords_array":[],"namespace":"com.nimbusds","versions_count":302,"first_release_published_at":"2013-01-17T17:49:44.000Z","latest_release_published_at":"2025-08-14T06:37:34.000Z","latest_release_number":"10.4.2","last_synced_at":"2026-06-12T04:01:59.092Z","created_at":"2022-07-31T06:11:16.187Z","updated_at":"2026-06-19T08:12:45.802Z","registry_url":"https://central.sonatype.com/artifact/com.nimbusds/nimbus-jose-jwt/","install_command":null,"documentation_url":"https://appdoc.app/artifact/com.nimbusds/nimbus-jose-jwt/","metadata":{"distribution_repositories":["https://oss.sonatype.org/service/local/staging/deploy/maven2/","https://oss.sonatype.org/content/repositories/snapshots"]},"repo_metadata":{"id":61593644,"uuid":"{90cd478b-ba58-44d2-9d68-ecbae0204b88}","full_name":"connect2id/nimbus-jose-jwt","owner":"connect2id","description":"Java library for Javascript Object Signing and Encryption (JOSE) and JSON Web Tokens (JWT)","archived":null,"fork":false,"pushed_at":null,"size":12789,"stargazers_count":null,"open_issues_count":null,"forks_count":null,"subscribers_count":null,"default_branch":"master","last_synced_at":"2023-05-17T00:37:19.298Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://connect2id.com/products/nimbus-jose-jwt","language":"java","has_issues":true,"has_wiki":true,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":null,"icon_url":"https://bitbucket.org/connect2id/nimbus-jose-jwt/avatar/","metadata":{},"created_at":"2012-09-14T12:48:34.290Z","updated_at":"2023-04-22T14:33:30.353Z","dependencies_parsed_at":"2022-10-19T16:00:46.098Z","dependency_job_id":null,"html_url":"https://bitbucket.org/connect2id/nimbus-jose-jwt","commit_stats":null,"previous_names":[],"tags_count":11,"template":null,"template_full_name":null,"purl":"pkg:bitbucket/connect2id/nimbus-jose-jwt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/Bitbucket.org/repositories/connect2id%2Fnimbus-jose-jwt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/Bitbucket.org/repositories/connect2id%2Fnimbus-jose-jwt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/Bitbucket.org/repositories/connect2id%2Fnimbus-jose-jwt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/Bitbucket.org/repositories/connect2id%2Fnimbus-jose-jwt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/Bitbucket.org/owners/connect2id","download_url":"https://bitbucket.org/connect2id/nimbus-jose-jwt/get/master.zip","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/Bitbucket.org/repositories/connect2id%2Fnimbus-jose-jwt/sbom","scorecard":null,"host":{"name":"Bitbucket.org","url":"https://bitbucket.org","kind":"bitbucket","repositories_count":1704869,"owners_count":0,"icon_url":"https://github.com/atlassian.png","version":null,"created_at":"2022-05-30T11:31:42.608Z","updated_at":"2022-08-01T09:46:20.820Z","status":"online","status_checked_at":"2025-08-21T02:00:09.460Z","response_time":140,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.532Z","robots_txt_url":"https://bitbucket.org/robots.txt","online":true,"can_crawl_api":false,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/Bitbucket.org","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/Bitbucket.org/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/Bitbucket.org/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/Bitbucket.org/owners"},"tags":[]},"repo_metadata_updated_at":"2026-02-11T15:30:16.820Z","dependent_packages_count":806,"downloads":null,"downloads_period":null,"dependent_repos_count":6282,"rankings":{"downloads":null,"dependent_repos_count":0.11340867195639977,"dependent_packages_count":0.09637733429510299,"stargazers_count":null,"forks_count":null,"docker_downloads_count":0.0238438727258155,"average":0.07787662632577276},"purl":"pkg:maven/com.nimbusds/nimbus-jose-jwt","advisories":[{"uuid":"GSA_kwCzR0hTQS14d21nLTJnOTgtdzd2Oc4ABKC7","url":"https://github.com/advisories/GHSA-xwmg-2g98-w7v9","title":"Nimbus JOSE + JWT is vulnerable to DoS attacks when processing deeply nested JSON","description":"Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the JSON object nesting depth, regardless of what limits (if any) were imposed by Gson.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-07-11T03:30:34.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L","references":["https://nvd.nist.gov/vuln/detail/CVE-2025-53864","https://github.com/google/gson/commit/1039427ff0100293dd3cf967a53a55282c0fef6b","https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/583/stackoverflowerror-due-to-deeply-nested","https://github.com/google/gson/compare/gson-parent-2.11.0...gson-parent-2.12.0","https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f7fb882cc08f027c9ceb874acec3b51c6222861c","https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/593/back-port-cve-2025-53864-fix-to-9x-branch","https://github.com/advisories/GHSA-xwmg-2g98-w7v9"],"source_kind":"github","identifiers":["GHSA-xwmg-2g98-w7v9","CVE-2025-53864"],"repository_url":"https://github.com/google/gson","blast_radius":0.0,"created_at":"2025-07-11T17:08:48.948Z","updated_at":"2026-06-19T07:03:35.449Z","epss_percentage":0.00143,"epss_percentile":0.34594,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14d21nLTJnOTgtdzd2Oc4ABKC7","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS14d21nLTJnOTgtdzd2Oc4ABKC7","packages":[{"ecosystem":"maven","package_name":"com.nimbusds:nimbus-jose-jwt","versions":[{"first_patched_version":"9.37.4","vulnerable_version_range":"\u003c 9.37.4"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14d21nLTJnOTgtdzd2Oc4ABKC7/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1ndnBnLXZnbXgteGc2d84AA5M9","url":"https://github.com/advisories/GHSA-gvpg-vgmx-xg6w","title":"Denial of Service in Connect2id Nimbus JOSE+JWT","description":"In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2024-02-11T06:30:27.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.7,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2023-52428","https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/3b3b77e","https://connect2id.com/products/nimbus-jose-jwt","https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/526","https://github.com/advisories/GHSA-gvpg-vgmx-xg6w"],"source_kind":"github","identifiers":["GHSA-gvpg-vgmx-xg6w","CVE-2023-52428"],"repository_url":"https://bitbucket.org/connect2id/nimbus-jose-jwt","blast_radius":33.043452008943625,"created_at":"2024-03-21T20:04:43.195Z","updated_at":"2026-06-07T16:05:50.739Z","epss_percentage":0.00105,"epss_percentile":0.28213,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ndnBnLXZnbXgteGc2d84AA5M9","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1ndnBnLXZnbXgteGc2d84AA5M9","packages":[{"ecosystem":"maven","package_name":"com.nimbusds:nimbus-jose-jwt","versions":[{"first_patched_version":"9.37.2","vulnerable_version_range":"\u003c 9.37.2"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ndnBnLXZnbXgteGc2d84AA5M9/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1qZm1xLTRnNG0tOTlyaM4AASBR","url":"https://github.com/advisories/GHSA-jfmq-4g4m-99rh","title":"Nimbus JOSE+JWT vulnerable to padding oracle attack","description":"Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2022-05-13T01:42:51.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":3.1,"cvss_vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2017-12973","https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912","https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac","https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt","https://github.com/advisories/GHSA-jfmq-4g4m-99rh"],"source_kind":"github","identifiers":["GHSA-jfmq-4g4m-99rh","CVE-2017-12973"],"repository_url":"https://bitbucket.org/connect2id/nimbus-jose-jwt","blast_radius":0.0,"created_at":"2022-12-21T16:11:51.876Z","updated_at":"2026-06-18T16:10:49.330Z","epss_percentage":0.00332,"epss_percentile":0.56588,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qZm1xLTRnNG0tOTlyaM4AASBR","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1qZm1xLTRnNG0tOTlyaM4AASBR","packages":[{"ecosystem":"maven","package_name":"com.nimbusds:nimbus-jose-jwt","versions":[{"first_patched_version":"4.39","vulnerable_version_range":"\u003c 4.39"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qZm1xLTRnNG0tOTlyaM4AASBR/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS0ycXA5LXdnMjctOXBjds4AAQ1M","url":"https://github.com/advisories/GHSA-2qp9-wg27-9pcv","title":"Nimbus JOSE+JWT missing overflow check","description":"In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-13T01:30:32.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2017-12972","https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c","https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc","https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt","https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E","https://github.com/advisories/GHSA-2qp9-wg27-9pcv"],"source_kind":"github","identifiers":["GHSA-2qp9-wg27-9pcv","CVE-2017-12972"],"repository_url":"https://bitbucket.org/connect2id/nimbus-jose-jwt","blast_radius":0.0,"created_at":"2022-12-21T16:11:51.915Z","updated_at":"2026-06-09T13:10:11.453Z","epss_percentage":0.00149,"epss_percentile":0.3514,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0ycXA5LXdnMjctOXBjds4AAQ1M","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS0ycXA5LXdnMjctOXBjds4AAQ1M","packages":[{"ecosystem":"maven","package_name":"com.nimbusds:nimbus-jose-jwt","versions":[{"first_patched_version":"4.39","vulnerable_version_range":"\u003c 4.39"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0ycXA5LXdnMjctOXBjds4AAQ1M/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1wZnYyLTM3ZjctOW02d84AAQ1w","url":"https://github.com/advisories/GHSA-pfv2-37f7-9m6w","title":"Improper Verification of Cryptographic Signature in Nimbus JOSE+JWT","description":"Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-13T01:30:32.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2017-12974","https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f3a7a801f0c6b078899fed9226368eb7b44e2b2f","https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/217/explicit-check-for-ec-public-key-on-curve","https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt","https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E","https://github.com/advisories/GHSA-pfv2-37f7-9m6w"],"source_kind":"github","identifiers":["GHSA-pfv2-37f7-9m6w","CVE-2017-12974"],"repository_url":"https://bitbucket.org/connect2id/nimbus-jose-jwt","blast_radius":0.0,"created_at":"2022-12-21T16:12:14.498Z","updated_at":"2026-04-28T20:09:22.993Z","epss_percentage":0.00141,"epss_percentile":0.34234,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wZnYyLTM3ZjctOW02d84AAQ1w","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1wZnYyLTM3ZjctOW02d84AAQ1w","packages":[{"ecosystem":"maven","package_name":"com.nimbusds:nimbus-jose-jwt","versions":[{"first_patched_version":"4.36","vulnerable_version_range":"\u003c 4.36"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wZnYyLTM3ZjctOW02d84AAQ1w/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY2dmYtcHE4Yy02OW00","url":"https://github.com/advisories/GHSA-f6vf-pq8c-69m4","title":"Improper Check for Unusual or Exceptional Conditions in Connect2id Nimbus JOSE+JWT","description":"Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2019-10-16T18:31:17.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":9.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2019-17195","https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt","https://connect2id.com/blog/nimbus-jose-jwt-7-9","https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d@%3Ccommon-dev.hadoop.apache.org%3E","https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41@%3Ccommon-issues.hadoop.apache.org%3E","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a@%3Cdev.avro.apache.org%3E","https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98@%3Cdev.avro.apache.org%3E","https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2@%3Ccommits.druid.apache.org%3E","https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b@%3Ccommits.druid.apache.org%3E","https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d@%3Ccommits.druid.apache.org%3E","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://github.com/advisories/GHSA-f6vf-pq8c-69m4"],"source_kind":"github","identifiers":["GHSA-f6vf-pq8c-69m4","CVE-2019-17195"],"repository_url":"https://bitbucket.org/connect2id/nimbus-jose-jwt","blast_radius":0.0,"created_at":"2022-12-21T16:13:27.719Z","updated_at":"2026-06-19T07:12:15.393Z","epss_percentage":0.0427,"epss_percentile":0.88863,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY2dmYtcHE4Yy02OW00","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY2dmYtcHE4Yy02OW00","packages":[{"ecosystem":"maven","package_name":"com.nimbusds:nimbus-jose-jwt","versions":[{"first_patched_version":"7.9","vulnerable_version_range":"\u003c 7.9"}],"purl":null,"statistics":{"dependent_packages_count":806,"dependent_repos_count":6282,"downloads":null,"downloads_period":null},"affected_versions":["2.10.1","2.11.0","2.12.0","2.13.0","2.13.1","2.14.0","2.15.0","2.15.1","2.15.2","2.17.1","2.17.2","2.18.1","2.18.2","2.19.1","2.22.1","2.26.1","3.1.1","3.1.2","3.2.1","3.2.2","3.8.1","3.8.2","3.9.1","3.9.2","4.0.1","4.1.1","4.3.1","4.11.1","4.11.2","4.13.1","4.15.1","4.16.1","4.16.2","4.26.1","4.27.1","4.31.1","4.34.1","4.34.2","4.36.1","4.37.1","4.39.1","4.39.2","4.41.1","4.41.2","4.41.3","6.0.1","6.0.2","6.1.1","6.3.1","6.4.1","6.4.2","6.5.1","7.0.1","7.2.1","7.5.1","7.8.1"],"unaffected_versions":["8.2.1","8.4.1","8.5.1","8.14.1","8.17.1","8.18.1","8.20.1","8.20.2","8.21.1","8.22.1","9.0.1","9.1.1","9.1.2","9.1.3","9.1.4","9.1.5","9.4.1","9.4.2","9.6.1","9.8.1","9.9.1","9.9.2","9.9.3","9.10.1","9.11.1","9.11.2","9.11.3","9.12.1","9.15.1","9.15.2","9.16.1","9.21.1","9.24.1","9.24.2","9.24.3","9.24.4","9.25.1","9.25.2","9.25.3","9.25.4","9.25.5","9.25.6","9.30.1","9.30.2","9.37.1","9.37.2","9.37.3","9.37.4","9.39.1","9.39.2","9.39.3","9.41.1","9.41.2","10.0.1","10.0.2","10.3.1","10.4.1","10.4.2"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY2dmYtcHE4Yy02OW00/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/maven/com.nimbusds:nimbus-jose-jwt","docker_dependents_count":6462,"docker_downloads_count":3562451130,"usage_url":"https://repos.ecosyste.ms/usage/maven/com.nimbusds:nimbus-jose-jwt","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/maven/com.nimbusds:nimbus-jose-jwt/dependencies","status":null,"funding_links":[],"critical":true,"issue_metadata":{"last_synced_at":"2025-07-02T15:35:58.426Z","issues_count":null,"pull_requests_count":null,"avg_time_to_close_issue":null,"avg_time_to_close_pull_request":null,"issues_closed_count":null,"pull_requests_closed_count":null,"pull_request_authors_count":null,"issue_authors_count":null,"avg_comments_per_issue":null,"avg_comments_per_pull_request":null,"merged_pull_requests_count":null,"bot_issues_count":null,"bot_pull_requests_count":null,"past_year_issues_count":null,"past_year_pull_requests_count":null,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":null,"past_year_issues_closed_count":null,"past_year_pull_requests_closed_count":null,"past_year_pull_request_authors_count":null,"past_year_issue_authors_count":null,"past_year_avg_comments_per_issue":null,"past_year_avg_comments_per_pull_request":null,"past_year_bot_issues_count":null,"past_year_bot_pull_requests_count":null,"past_year_merged_pull_requests_count":null,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/Bitbucket.org/repositories/connect2id%2Fnimbus-jose-jwt/issues","maintainers":[],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.nimbusds:nimbus-jose-jwt/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.nimbusds:nimbus-jose-jwt/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.nimbusds:nimbus-jose-jwt/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.nimbusds:nimbus-jose-jwt/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.nimbusds:nimbus-jose-jwt/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/com.nimbusds:nimbus-jose-jwt/codemeta","maintainers":[],"registry":{"name":"repo1.maven.org","url":"https://repo.maven.apache.org/maven2","ecosystem":"maven","default":true,"packages_count":608482,"maintainers_count":0,"namespaces_count":80807,"keywords_count":34879,"github":"maven-central","metadata":{"funded_packages_count":37828},"icon_url":"https://github.com/maven-central.png","created_at":"2022-07-21T16:40:13.074Z","updated_at":"2026-06-10T05:05:55.821Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/namespaces"}}],"commits":{"id":1741783,"full_name":"connect2id/nimbus-jose-jwt","default_branch":"master","total_commits":2326,"total_committers":67,"total_bot_commits":0,"total_bot_committers":0,"mean_commits":34.71641791044776,"dds":0.2300085984522786,"past_year_total_commits":61,"past_year_total_committers":3,"past_year_total_bot_commits":0,"past_year_total_bot_committers":0,"past_year_mean_commits":20.333333333333332,"past_year_dds":0.09836065573770492,"last_synced_at":"2025-12-28T03:13:18.258Z","last_synced_commit":"6a6d0b3d7cf3a7a9830cc8c1e8f54b7a993c706a","created_at":"2024-09-13T18:28:57.300Z","updated_at":"2025-12-28T03:13:17.975Z","committers":[{"name":"Vladimir Dzhuvinov","email":"vladimir@dzhuvinov.com","login":null,"count":1791},{"name":"Connect2id Support","email":"support@connect2id.com","login":null,"count":280},{"name":"Alexander Martynov","email":"alexander.martynov@dsr-corporation.com","login":null,"count":42},{"name":"epuzanov","email":"epuzanov@users.noreply.github.com","login":null,"count":35},{"name":"Justin Richer","email":"jricher@mitre.org","login":null,"count":34},{"name":"Sebastian Stenzel","email":"sebastian.stenzel@skymatic.de","login":null,"count":17},{"name":"Josh Cummings","email":"josh.cummings@gmail.com","login":null,"count":14},{"name":"Thomas Skjølberg","email":"thomas.skjolberg@gmail.com","login":null,"count":11},{"name":"Casey Lee","email":"casele@vsp.com","login":null,"count":5},{"name":"Cedric Staub","email":"cs@squareup.com","login":null,"count":5},{"name":"Marco Vermeulen","email":"vermeulen.mp@gmail.com","login":null,"count":5},{"name":"Nate Hart","email":"nhart@tableau.com","login":null,"count":5},{"name":"Quentin CASTEL","email":"quentin.castel@forgerock.com","login":null,"count":4},{"name":"Tim McLean","email":"tim@timmclean.net","login":null,"count":4},{"name":"Ville Kurkinen","email":"ville.kurkinen@f-secure.com","login":null,"count":4},{"name":"YV","email":"yv@connect2id.com","login":null,"count":4},{"name":"Justin Richer","email":"justin@bspk.io","login":null,"count":3},{"name":"Mikko Tommila","email":"mikko.tommila@nitorcreations.com","login":null,"count":3},{"name":"Strehle, Markus","email":"markus.strehle@sap.com","login":null,"count":3},{"name":"Dave Ortiz","email":"daveortiz@gmail.com","login":null,"count":2},{"name":"Dimitar A. Stoikov","email":"dstoikov@axway.com","login":null,"count":2},{"name":"Garry","email":"garry@cambridgesemantics.com","login":null,"count":2},{"name":"Gennadi Kudrjavtsev","email":"ydanneg@gmail.com","login":null,"count":2},{"name":"Peder T. Haagensli","email":"peder.haagensli@gmail.com","login":null,"count":2},{"name":"Sander Mak","email":"sander.mak@luminis.eu","login":null,"count":2},{"name":"Vedran Pavic","email":"vedran.pavic@gmail.com","login":null,"count":2},{"name":"Yi Zhao","email":"zhao.y@salesforce.com","login":null,"count":2},{"name":"toma","email":"tomavelev@gmail.com","login":null,"count":2},{"name":"Aleksei Doroganov","email":"ADoroganov@luxoft.com","login":null,"count":1},{"name":"Alex Soto","email":"alex.soto@scytl.com","login":null,"count":1},{"name":"Alexander Martynov","email":"87315034+asmarty@users.noreply.github.com","login":null,"count":1},{"name":"Angel Cervera Claudio","email":"angelcervera@silyan.com","login":null,"count":1},{"name":"Artun Subasi","email":"asubasi@gmail.com","login":null,"count":1},{"name":"Ben Cass","email":"ben.cass@mutualofomaha.com","login":null,"count":1},{"name":"Carlos Tasada","email":"carlos.tasada@personio.de","login":null,"count":1},{"name":"Chris Cowan","email":"agentme49@gmail.com","login":null,"count":1},{"name":"Davis Gallinghouse","email":"davis@squareup.com","login":null,"count":1},{"name":"Eric Edens","email":"ericeden@amazon.com","login":null,"count":1},{"name":"Esa Puttonen","email":"esa.puttonen@nitorcreations.com","login":null,"count":1},{"name":"Eugene Kuleshov","email":"ekuleshov@gmail.com","login":null,"count":1},{"name":"Fernando Gonzalez Callejas","email":"nfgc00@gmail.com","login":null,"count":1},{"name":"JaapBeetstra","email":"jaap@app-it-up.com","login":null,"count":1},{"name":"Jonathan Giles","email":"jonathan@jonathangiles.net","login":null,"count":1},{"name":"Jun Yu","email":"yujun.china@gmail.com","login":null,"count":1},{"name":"Justin Cranford","email":"justin.cranford@elastic.co","login":null,"count":1},{"name":"Justin Guerra","email":"jguerra@pandora.com","login":null,"count":1},{"name":"Kevin Wang","email":"kevin807359@gmail.com","login":null,"count":1},{"name":"Miguel Pontes","email":"mpontes@users.noreply.github.com","login":null,"count":1},{"name":"Misagh Moayyed","email":"mm1844@gmail.com","login":null,"count":1},{"name":"Omer Levi Hevroni","email":"omerl@soluto.com","login":null,"count":1},{"name":"Pankaj Yadav","email":"pyadav@cloudbees.com","login":null,"count":1},{"name":"Pedro Bueno","email":"pbuenoyerbes@cloudbees.com","login":null,"count":1},{"name":"Ralf Wagner","email":"ralf@yes.com","login":null,"count":1},{"name":"River Satya","email":"river@squareup.com","login":null,"count":1},{"name":"Samuel Gulliksson","email":"samuel.gulliksson@gmail.com","login":null,"count":1},{"name":"Sean Kavanagh","email":"skavanagh@cardinalcommerce.com","login":null,"count":1},{"name":"Serge Hauser","email":"serge.hauser@ergon.ch","login":null,"count":1},{"name":"Stefan Larsson","email":"stefan@ngti.nl","login":null,"count":1},{"name":"Stian Svedenborg","email":"stian.svedenborg@bidbax.no","login":null,"count":1},{"name":"Thomas Meyer","email":"thomas@m3y3r.de","login":null,"count":1},{"name":"Tobias Stadler","email":"ts.stadler@gmx.de","login":null,"count":1},{"name":"Toby Gilham","email":"toby.gilham@skybettingandgaming.com","login":null,"count":1},{"name":"Yinon Avraham","email":"yinonavraham@gmail.com","login":null,"count":1},{"name":"Yohei Ueki","email":"yueki1993@users.noreply.github.com","login":null,"count":1},{"name":"diamondq","email":"registration@michaelmansell.com","login":null,"count":1},{"name":"steven_upton","email":"steve.upton@ebasetech.com","login":null,"count":1},{"name":"stevenupton","email":"steve@upton.me.uk","login":null,"count":1}],"past_year_committers":[{"name":"Vladimir Dzhuvinov","email":"vladimir@dzhuvinov.com","login":null,"count":55},{"name":"Sebastian Stenzel","email":"sebastian.stenzel@skymatic.de","login":null,"count":4},{"name":"Peder T. Haagensli","email":"peder.haagensli@gmail.com","login":null,"count":2}],"commits_url":"https://commits.ecosyste.ms/api/v1/hosts/Bitbucket.org/repositories/connect2id%2Fnimbus-jose-jwt/commits","host":{"name":"Bitbucket.org","url":"https://bitbucket.org","kind":"bitbucket","last_synced_at":"2026-01-19T00:00:11.759Z","repositories_count":9609,"commits_count":759867,"contributors_count":30149,"owners_count":4664,"icon_url":"https://github.com/atlassian.png","host_url":"https://commits.ecosyste.ms/api/v1/hosts/Bitbucket.org","repositories_url":"https://commits.ecosyste.ms/api/v1/hosts/Bitbucket.org/repositories"}},"issues":{"table":{"full_name":"connect2id/nimbus-jose-jwt","html_url":"https://bitbucket.org/connect2id/nimbus-jose-jwt","last_synced_at":"2026-01-25T15:00:48.857Z","status":"error","issues_count":null,"pull_requests_count":null,"avg_time_to_close_issue":null,"avg_time_to_close_pull_request":null,"issues_closed_count":null,"pull_requests_closed_count":null,"pull_request_authors_count":null,"issue_authors_count":null,"avg_comments_per_issue":null,"avg_comments_per_pull_request":null,"merged_pull_requests_count":null,"bot_issues_count":null,"bot_pull_requests_count":null,"past_year_issues_count":null,"past_year_pull_requests_count":null,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":null,"past_year_issues_closed_count":null,"past_year_pull_requests_closed_count":null,"past_year_pull_request_authors_count":null,"past_year_issue_authors_count":null,"past_year_avg_comments_per_issue":null,"past_year_avg_comments_per_pull_request":null,"past_year_bot_issues_count":null,"past_year_bot_pull_requests_count":null,"past_year_merged_pull_requests_count":null,"created_at":"2023-05-16T21:47:27.194Z","updated_at":"2026-01-25T15:00:48.858Z","repository_url":"https://issues.ecosyste.ms/api/v1/hosts/Bitbucket.org/repositories/connect2id%2Fnimbus-jose-jwt","issues_url":"https://issues.ecosyste.ms/api/v1/hosts/Bitbucket.org/repositories/connect2id%2Fnimbus-jose-jwt/issues","issue_labels_count":{"table":{}},"pull_request_labels_count":{"table":{}},"issue_author_associations_count":{"table":{}},"pull_request_author_associations_count":{"table":{}},"issue_authors":{"table":{}},"pull_request_authors":{"table":{}},"host":{"table":{"name":"Bitbucket.org","url":"https://bitbucket.org","kind":"bitbucket","last_synced_at":"2026-01-25T00:00:08.483Z","repositories_count":0,"issues_count":0,"pull_requests_count":0,"authors_count":0,"icon_url":"https://github.com/atlassian.png","host_url":"https://issues.ecosyste.ms/api/v1/hosts/Bitbucket.org","repositories_url":"https://issues.ecosyste.ms/api/v1/hosts/Bitbucket.org/repositories","owners_url":"https://issues.ecosyste.ms/api/v1/hosts/Bitbucket.org/owners","authors_url":"https://issues.ecosyste.ms/api/v1/hosts/Bitbucket.org/authors"}},"past_year_issue_labels_count":{"table":{}},"past_year_pull_request_labels_count":{"table":{}},"past_year_issue_author_associations_count":{"table":{}},"past_year_pull_request_author_associations_count":{"table":{}},"past_year_issue_authors":{"table":{}},"past_year_pull_request_authors":{"table":{}},"maintainers":[],"active_maintainers":[]}},"events":null,"keywords":[],"dependencies":[{"ecosystem":"maven","filepath":"pom.xml","sha":null,"kind":"manifest","created_at":"2022-10-19T16:00:45.943Z","updated_at":"2022-10-19T16:00:45.943Z","repository_link":"https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/pom.xml","dependencies":[{"id":6419878140,"package_name":"com.github.stephenc.jcip:jcip-annotations","ecosystem":"maven","requirements":"1.0-1","direct":true,"kind":"runtime","optional":false},{"id":6419878141,"package_name":"com.google.code.gson:gson","ecosystem":"maven","requirements":"2.9.1","direct":true,"kind":"runtime","optional":false},{"id":6419878142,"package_name":"org.bouncycastle:bcprov-jdk15on","ecosystem":"maven","requirements":"1.70","direct":true,"kind":"runtime","optional":false},{"id":6419878143,"package_name":"org.bouncycastle:bcutil-jdk15on","ecosystem":"maven","requirements":"1.70","direct":true,"kind":"runtime","optional":false},{"id":6419878144,"package_name":"org.bouncycastle:bc-fips","ecosystem":"maven","requirements":"[1.0.2,2.0.0)","direct":true,"kind":"runtime","optional":false},{"id":6419878145,"package_name":"org.bouncycastle:bcpkix-jdk15on","ecosystem":"maven","requirements":"1.70","direct":true,"kind":"runtime","optional":false},{"id":6419878146,"package_name":"com.google.crypto.tink:tink","ecosystem":"maven","requirements":"1.7.0","direct":true,"kind":"runtime","optional":false},{"id":6419878147,"package_name":"org.bitbucket.b_c:jose4j","ecosystem":"maven","requirements":"0.4.1","direct":true,"kind":"test","optional":false},{"id":6419878148,"package_name":"net.jadler:jadler-all","ecosystem":"maven","requirements":"1.3.1","direct":true,"kind":"test","optional":false},{"id":6419878149,"package_name":"junit:junit","ecosystem":"maven","requirements":"4.13.2","direct":true,"kind":"test","optional":false}]}],"score":null,"created_at":"2025-09-03T16:45:27.446Z","updated_at":"2026-06-20T14:30:47.305Z","avatar_url":"https://bitbucket.org/connect2id/nimbus-jose-jwt/avatar/","language":"java","codemeta":null,"publiccode":null,"project_url":"https://summary.ecosyste.ms/api/v1/projects/364117","html_url":"https://summary.ecosyste.ms/projects/364117"}