CVE-2020-26160 in jwt-go
I have not been able to inspect the alert, but this needs to be looked at:
https://github.com/leapcode/vpnweb/security/dependabot/go.mod/github.com%2Fdgrijalva%2Fjwt-go/open
no impact right now, since there's no known deployment of the SIP authenticator.