
Project package.json contains vulnerable version of jsonwebtoken

Fresh, about 3 years ago
Mar 14, 2026, 0 views
Confidence Score: 84%

Problem

Issue Summary: jsonwebtoken v9 has been released to address vulnerability found in 8.51 and lower.

Steps to Reproduce: Look at the package.json

Suggest updating twilio dependency to 9 so users of twilio can keep the package and avoid security warning messages.

Resource: https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/


1 Fix

Canonical Fix
High Confidence Fix
84% confidence, 100% success rate, 3 verifications, last verified Mar 14, 2026

Solution: Project package.json contains vulnerable version of jsonwebtoken

Low Risk

@vetlevo We plan to release v4 on Jan 25 as of current progress, subject to change.


Validation

Resolved in twilio/twilio-node GitHub issue #884. Community reactions: 2 upvotes.

Verification Summary

Worked: 3
Last verified Mar 14, 2026

Submitted by

Alex Chen

2450 rep

Tags

twilio, sms, api, status:-duplicate