Connect2id Nimbus Josejwt
By the Year
In 2026 there have been 0 vulnerabilities in Connect2id Nimbus Josejwt. Last year, in 2025, Nimbus Josejwt had 1 security vulnerability published. Right now, Nimbus Josejwt is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 5.80 |
| 2024 | 1 | 7.50 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 0.00 |
It may take a day or so for new Nimbus Josejwt vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Connect2id Nimbus Josejwt Security Vulnerabilities
Connect2id Nimbus JOSE+JWT <=10.0.1 DoS via uncontrolled recursion
CVE-2025-53864
5.8 - Medium - July 11, 2025
Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the JSON object nesting depth, regardless of what limits (if any) were imposed by Gson.
Stack Exhaustion
Java: Nimbus JOSE+JWT <9.37.2 DoS via large JWE p2c header
CVE-2023-52428
7.5 - High - February 11, 2024
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT
CVE-2019-17195
October 15, 2019
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.