QuantumScan public scan report

Repository

jpadilla/pyjwt

Scanned on Jun 5, 2026

Risk score: 73 / 100

High risk

Summary

The PyJWT library relies heavily on quantum-vulnerable cryptographic algorithms, including ECDSA (multiple NIST curves and secp256k1) and RSA, for JWT signing operations. With 90 high-severity findings across cryptographic implementation files, the library faces significant post-quantum security risks that will impact all downstream applications using JWT authentication.

Critical: 0

High: 90

Medium: 0

Low: 2

Top findings

  • High: ECDSA

    jwt/algorithms.py:41

    ML-DSA (CRYSTALS-Dilithium) or SLH-DSA (SPHINCS+)

  • High: NIST P-256 curve

    jwt/algorithms.py:43

    ML-KEM or ML-DSA

  • High: NIST P-384 curve

    jwt/algorithms.py:44

    ML-KEM or ML-DSA

  • High: NIST P-521 curve

    jwt/algorithms.py:45

  • High: Elliptic Curve Cryptography

    jwt/algorithms.py:46

+ 87 more findings in the full report