latchset/jwcrypto

Scanned on Jun 25, 2026

Risk score/ 100

Critical risk

Summary

The jwcrypto library implements JOSE (JWS/JWE) standards using exclusively quantum-vulnerable algorithms including RSA, ECDSA, and ECDH across all cryptographic operations. With 5 critical findings of inadequate RSA key sizes (≤2048 bits) and 36 high-severity quantum-vulnerable patterns, this library provides no post-quantum security for JWT signatures, encryption, or key exchange.

Critical

High

Medium

Low

Top findings

CriticalCWE-326RSA key ≤ 2048 bits
jwcrypto/jwa.py:251
Raw evidence
```
keysize = 2048
```
CriticalCWE-326RSA key ≤ 2048 bits
jwcrypto/jwa.py:262
Raw evidence
```
description = "RSASSA-PKCS1-v1_5 using SHA-512"
```
CriticalCWE-326RSA key ≤ 2048 bits
jwcrypto/jwa.py:263
Raw evidence
```
keysize = 2048
```
CriticalCWE-326RSA key ≤ 2048 bits
jwcrypto/jwa.py:239
Raw evidence
```
keysize = 2048
```
CriticalCWE-326RSA key ≤ 2048 bits
jwcrypto/jwa.py:227
Raw evidence
```
keysize = 512
```

+ 36 more findings in the full report

Scan your own repository

Free. Results in ~90 seconds. CBOM + DORA/NIS2 PDF included.

Start a free scan