Search by 
web-token/jwt-experimental Security Advisories for 3.3.0 (1)
-
[MEDIUM] PHP JWT Framework: Chacha20Poly1305 key-encryption algorithm discards the Poly1305 authentication tag, performing no authentication on decryption
PKSA-z37k-njn7-w125 GHSA-6vvh-pxr4-25r7
Affected version: <=4.1.6
Reported by:
GitHub