diff --git a/include/jwt-cpp/jwt.h b/include/jwt-cpp/jwt.h
index f01a42f7d..f023d98a8 100644
--- a/include/jwt-cpp/jwt.h
+++ b/include/jwt-cpp/jwt.h
@@ -846,7 +846,7 @@ namespace jwt {
 			bn2raw(const BIGNUM* bn)
 #endif
 		{
-			std::string res(BN_num_bytes(bn), '\0');
+			std::string res(static_cast<size_t>(BN_num_bytes(bn)), '\0');
 			BN_bn2bin(bn, (unsigned char*)res.data()); // NOLINT(google-readability-casting) requires `const_cast`
 			return res;
 		}
@@ -1403,7 +1403,7 @@ namespace jwt {
 				std::string res(static_cast<size_t>(EVP_MAX_MD_SIZE), '\0');
 				auto len = static_cast<unsigned int>(res.size());
 				if (HMAC(md(), secret.data(), static_cast<int>(secret.size()),
-						 reinterpret_cast<const unsigned char*>(data.data()), static_cast<int>(data.size()),
+						 reinterpret_cast<const unsigned char*>(data.data()), data.size(),
 						 (unsigned char*)res.data(), // NOLINT(google-readability-casting) requires `const_cast`
 						 &len) == nullptr) {
 					ec = error::signature_generation_error::hmac_failed;
@@ -1501,7 +1501,7 @@ namespace jwt {
 					return {};
 				}
 
-				std::string res(EVP_PKEY_size(pkey.get()), '\0');
+				std::string res(static_cast<size_t>(EVP_PKEY_size(pkey.get())), '\0');
 				unsigned int len = 0;
 
 				if (!EVP_SignUpdate(ctx.get(), data.data(), data.size())) {
@@ -1538,8 +1538,9 @@ namespace jwt {
 					ec = error::signature_verification_error::verifyupdate_failed;
 					return;
 				}
+				const unsigned int sig_size = static_cast<unsigned int>(signature.size());
 				auto res = EVP_VerifyFinal(ctx.get(), reinterpret_cast<const unsigned char*>(signature.data()),
-										   static_cast<unsigned int>(signature.size()), pkey.get());
+										   sig_size, pkey.get());
 				if (res != 1) {
 					ec = error::signature_verification_error::verifyfinal_failed;
 					return;
@@ -1588,7 +1589,7 @@ namespace jwt {
 				}
 				if (!pkey) throw error::ecdsa_exception(error::ecdsa_error::invalid_key);
 
-				size_t keysize = EVP_PKEY_bits(pkey.get());
+				size_t keysize = static_cast<size_t>(EVP_PKEY_bits(pkey.get()));
 				if (keysize != signature_length * 4 && (signature_length != 132 || keysize != 521))
 					throw error::ecdsa_exception(error::ecdsa_error::invalid_key_size);
 			}
@@ -1604,7 +1605,7 @@ namespace jwt {
 			ecdsa(helper::evp_pkey_handle key_pair, const EVP_MD* (*md)(), std::string name, size_t siglen)
 				: pkey(std::move(key_pair)), md(md), alg_name(std::move(name)), signature_length(siglen) {
 				if (!pkey) { throw error::ecdsa_exception(error::ecdsa_error::no_key_provided); }
-				size_t keysize = EVP_PKEY_bits(pkey.get());
+				size_t keysize = static_cast<size_t>(EVP_PKEY_bits(pkey.get()));
 				if (keysize != signature_length * 4 && (signature_length != 132 || keysize != 521))
 					throw error::ecdsa_exception(error::ecdsa_error::invalid_key_size);
 			}
@@ -1626,7 +1627,7 @@ namespace jwt {
 					ec = error::signature_generation_error::signinit_failed;
 					return {};
 				}
-				if (!EVP_DigestUpdate(ctx.get(), data.data(), static_cast<unsigned int>(data.size()))) {
+				if (!EVP_DigestUpdate(ctx.get(), data.data(), data.size())) {
 					ec = error::signature_generation_error::digestupdate_failed;
 					return {};
 				}
@@ -1666,7 +1667,7 @@ namespace jwt {
 					ec = error::signature_verification_error::verifyinit_failed;
 					return;
 				}
-				if (!EVP_DigestUpdate(ctx.get(), data.data(), static_cast<unsigned int>(data.size()))) {
+				if (!EVP_DigestUpdate(ctx.get(), data.data(), data.size())) {
 					ec = error::signature_verification_error::verifyupdate_failed;
 					return;
 				}
@@ -1779,14 +1780,14 @@ namespace jwt {
 					ec = error::signature_verification_error::signature_encoding_failed;
 					return {};
 				}
-				std::string der_signature(length, '\0');
+				std::string der_signature(static_cast<size_t>(length), '\0');
 				unsigned char* psbuffer = (unsigned char*)der_signature.data();
 				length = i2d_ECDSA_SIG(psig, &psbuffer);
 				if (length < 0) {
 					ec = error::signature_verification_error::signature_encoding_failed;
 					return {};
 				}
-				der_signature.resize(length);
+				der_signature.resize(static_cast<size_t>(length));
 				return der_signature;
 			}
 
@@ -1849,7 +1850,7 @@ namespace jwt {
 					return {};
 				}
 
-				size_t len = EVP_PKEY_size(pkey.get());
+				size_t len = static_cast<size_t>(EVP_PKEY_size(pkey.get()));
 				std::string res(len, '\0');
 
 // LibreSSL and OpenSSL, require the oneshot EVP_DigestSign API.
@@ -1904,14 +1905,14 @@ namespace jwt {
 					return;
 				}
 				if (EVP_DigestVerifyFinal(ctx.get(), reinterpret_cast<const unsigned char*>(signature.data()),
-										  signature.size()) != 1) {
+										  static_cast<unsigned int>(signature.size())) != 1) {
 					ec = error::signature_verification_error::verifyfinal_failed;
 					return;
 				}
-#else
+#else // !LIBWOLFSSL_VERSION_HEX (OpenSSL/LibreSSL)
 				auto res = EVP_DigestVerify(ctx.get(), reinterpret_cast<const unsigned char*>(signature.data()),
-											signature.size(), reinterpret_cast<const unsigned char*>(data.data()),
-											data.size());
+											static_cast<unsigned int>(signature.size()),
+											reinterpret_cast<const unsigned char*>(data.data()), data.size());
 				if (res != 1) {
 					ec = error::signature_verification_error::verifyfinal_failed;
 					return;
@@ -1985,12 +1986,12 @@ namespace jwt {
 					return {};
 				}
 #endif
-				if (EVP_DigestUpdate(md_ctx.get(), data.data(), static_cast<unsigned int>(data.size())) != 1) {
+				if (EVP_DigestUpdate(md_ctx.get(), data.data(), data.size()) != 1) {
 					ec = error::signature_generation_error::digestupdate_failed;
 					return {};
 				}
 
-				size_t size = EVP_PKEY_size(pkey.get());
+				size_t size = static_cast<size_t>(EVP_PKEY_size(pkey.get()));
 				std::string res(size, 0x00);
 				if (EVP_DigestSignFinal(
 						md_ctx.get(),
@@ -2034,12 +2035,13 @@ namespace jwt {
 					return;
 				}
 #endif
-				if (EVP_DigestUpdate(md_ctx.get(), data.data(), static_cast<unsigned int>(data.size())) != 1) {
+				if (EVP_DigestUpdate(md_ctx.get(), data.data(), data.size()) != 1) {
 					ec = error::signature_verification_error::verifyupdate_failed;
 					return;
 				}
 
-				if (EVP_DigestVerifyFinal(md_ctx.get(), (unsigned char*)signature.data(), signature.size()) <= 0) {
+				if (EVP_DigestVerifyFinal(md_ctx.get(), (unsigned char*)signature.data(),
+										  static_cast<unsigned int>(signature.size())) <= 0) {
 					ec = error::signature_verification_error::verifyfinal_failed;
 					return;
 				}
@@ -3569,7 +3571,7 @@ namespace jwt {
 
 				while (in_next != in_end) {
 					wchar_t wc;
-					std::size_t result = std::mbrtowc(&wc, in_next, in_end - in_next, &state);
+					std::size_t result = std::mbrtowc(&wc, in_next, static_cast<size_t>(in_end - in_next), &state);
 					if (result == static_cast<std::size_t>(-1)) {
 						throw std::runtime_error("encoding error: " + std::string(std::strerror(errno)));
 					} else if (result == static_cast<std::size_t>(-2)) {
diff --git a/include/picojson/picojson.h b/include/picojson/picojson.h
index 76742fe06..10968e1ef 100644
--- a/include/picojson/picojson.h
+++ b/include/picojson/picojson.h
@@ -384,7 +384,7 @@ GET(array, *u_.array_)
 GET(object, *u_.object_)
 #ifdef PICOJSON_USE_INT64
 GET(double,
-    (type_ == int64_type && (const_cast<value *>(this)->type_ = number_type, (const_cast<value *>(this)->u_.number_ = u_.int64_)),
+    ((void)(type_ == int64_type && (const_cast<value *>(this)->type_ = number_type, (const_cast<value *>(this)->u_.number_ = static_cast<double>(u_.int64_)), true)),
      u_.number_))
 GET(int64_t, u_.int64_)
 #else