QuantumScan Public scan report

Repository

jpadilla/pyjwt

Scanned on May 13, 2026

Risk score: 78 / 100

High risk

Summary

PyJWT library extensively uses quantum-vulnerable cryptographic algorithms including RSA, ECDSA (NIST P-256/384/521, secp256k1), and EdDSA across 95 identified instances. As a JWT implementation library, its core functionality relies entirely on classical public-key cryptography that will become insecure against quantum attacks, requiring comprehensive algorithm migration to maintain long-term security guarantees.

Critical: 0

High: 95

Medium: 0

Low: 2

Top findings

  • High ECDSA

    tests/test_utils.py:55

    ML-DSA (CRYSTALS-Dilithium) or SLH-DSA (SPHINCS+)

  • High ECDSA

    jwt/algorithms.py:159

    ML-DSA (CRYSTALS-Dilithium) or SLH-DSA (SPHINCS+)

  • High RSA

    jwt/algorithms.py:115

    ML-KEM (CRYSTALS-Kyber) for key encapsulation

  • High ECDSA

    tests/test_utils.py:56

    ML-DSA (CRYSTALS-Dilithium) or SLH-DSA (SPHINCS+)

  • High ECDSA

    tests/test_utils.py:57

    ML-DSA (CRYSTALS-Dilithium) or SLH-DSA (SPHINCS+)

+ 92 more findings in the full report
