Repository
jpadilla/pyjwt
Scanned on May 11, 2026
Risk score/ 100
High risk
Summary
The PyJWT library exhibits high quantum vulnerability, with 95 instances of quantum-susceptible algorithms, including RSA, ECDSA (NIST P-256/384/521), and Ed25519. Because it is a widely used JWT implementation library, migration to post-quantum cryptography is critical to protect token integrity against future quantum attacks. The library's core cryptographic infrastructure requires comprehensive redesign to support NIST-approved PQC algorithms.
0
95
0
2
Top findings
- High: NIST P-521 curve
  jwt/algorithms.py:162
- High: ECDSA
  jwt/api_jwk.py:45
  ML-DSA (CRYSTALS-Dilithium) or SLH-DSA (SPHINCS+)
- High: RSA
  tests/keys/__init__.py:48
  ML-KEM (CRYSTALS-Kyber) for key encapsulation
- High: ECDSA
  tests/test_api_jws.py:218
  ML-DSA (CRYSTALS-Dilithium) or SLH-DSA (SPHINCS+)
- High: PKCS#1 (RSA-based)
  tests/test_algorithms.py:80
+ 92 more findings in the full report