Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/python-cryptography@38.0.4-3%2Bdeb12u1
Typedeb
Namespacedebian
Namepython-cryptography
Version38.0.4-3+deb12u1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version46.0.7-1
Latest_non_vulnerable_version46.0.7-1
Affected_by_vulnerabilities
0
url VCID-f44c-ygbw-bufn
vulnerability_id VCID-f44c-ygbw-bufn
summary 
cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
## Vulnerability Summary

The `public_key_from_numbers` (or `EllipticCurvePublicNumbers.public_key()`), `EllipticCurvePublicNumbers.public_key()`, `load_der_public_key()` and `load_pem_public_key()` functions do not verify that the point belongs to the expected prime-order subgroup of the curve.

This missing validation allows an attacker to provide a public key point `P` from a small-order subgroup.  This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as `S = [victim_private_key]P` via ECDH,  this leaks information about `victim_private_key mod (small_subgroup_order)`. For curves with cofactor > 1, this reveals the least significant bits of the private key.  When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup.

Only SECT curves are impacted by this.

## Credit

This vulnerability was discovered by:
- XlabAI Team of Tencent Xuanwu Lab
- Atuin Automated Vulnerability Discovery Engine
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26007.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26007.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26007
reference_id
reference_type
scores
0
value 8e-05
scoring_system epss
scoring_elements 0.0069
published_at 2026-04-18T12:55:00Z
1
value 8e-05
scoring_system epss
scoring_elements 0.00684
published_at 2026-04-16T12:55:00Z
2
value 8e-05
scoring_system epss
scoring_elements 0.00691
published_at 2026-04-13T12:55:00Z
3
value 8e-05
scoring_system epss
scoring_elements 0.00697
published_at 2026-04-11T12:55:00Z
4
value 8e-05
scoring_system epss
scoring_elements 0.00707
published_at 2026-04-08T12:55:00Z
5
value 8e-05
scoring_system epss
scoring_elements 0.00708
published_at 2026-04-07T12:55:00Z
6
value 9e-05
scoring_system epss
scoring_elements 0.00918
published_at 2026-04-21T12:55:00Z
7
value 9e-05
scoring_system epss
scoring_elements 0.00944
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26007
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26007
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26007
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
5
reference_url https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:28:38Z/
url https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c
6
reference_url https://github.com/pyca/cryptography/releases/tag/46.0.5
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/releases/tag/46.0.5
7
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:28:38Z/
url https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-26007
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-26007
9
reference_url http://www.openwall.com/lists/oss-security/2026/02/10/4
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/02/10/4
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127926
reference_id 1127926
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127926
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2438762
reference_id 2438762
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2438762
12
reference_url https://github.com/advisories/GHSA-r6ph-v2qm-q3c2
reference_id GHSA-r6ph-v2qm-q3c2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r6ph-v2qm-q3c2
13
reference_url https://access.redhat.com/errata/RHSA-2026:10184
reference_id RHSA-2026:10184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10184
14
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
15
reference_url https://access.redhat.com/errata/RHSA-2026:5168
reference_id RHSA-2026:5168
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5168
16
reference_url https://access.redhat.com/errata/RHSA-2026:5665
reference_id RHSA-2026:5665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5665
17
reference_url https://access.redhat.com/errata/RHSA-2026:6308
reference_id RHSA-2026:6308
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6308
18
reference_url https://access.redhat.com/errata/RHSA-2026:6309
reference_id RHSA-2026:6309
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6309
19
reference_url https://access.redhat.com/errata/RHSA-2026:6404
reference_id RHSA-2026:6404
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6404
20
reference_url https://access.redhat.com/errata/RHSA-2026:6497
reference_id RHSA-2026:6497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6497
21
reference_url https://access.redhat.com/errata/RHSA-2026:6567
reference_id RHSA-2026:6567
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6567
22
reference_url https://access.redhat.com/errata/RHSA-2026:6568
reference_id RHSA-2026:6568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6568
23
reference_url https://access.redhat.com/errata/RHSA-2026:7295
reference_id RHSA-2026:7295
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7295
24
reference_url https://usn.ubuntu.com/8087-1/
reference_id USN-8087-1
reference_type
scores
url https://usn.ubuntu.com/8087-1/
fixed_packages
0
url pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1
purl pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rgsr-9wpx-qqg6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@43.0.0-3%252Bdeb13u1
aliases CVE-2026-26007, GHSA-r6ph-v2qm-q3c2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f44c-ygbw-bufn
1
url VCID-rgsr-9wpx-qqg6
vulnerability_id VCID-rgsr-9wpx-qqg6
summary 
cryptography has incomplete DNS name constraint enforcement on peer names
## Summary

In versions of cryptography prior to 46.0.5, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named `bar.example.com` to validate against a wildcard leaf certificate for `*.example.com`, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for `bar.example.com`.

This behavior resulted from a gap between RFC 5280 (which defines Name Constraint semantics) and RFC 9525 (which defines service identity semantics): put together, neither states definitively whether Name Constraints should be applied to peer names. To close this gap, cryptography now conservatively rejects any validation where the peer name would be rejected by a name constraint if it were a SAN instead.

In practice, exploitation of this bypass requires an uncommon X.509 topology, one that the Web PKI avoids because it exhibits these kinds of problems. Consequently, we consider this a medium-to-low impact severity.

See CVE-2025-61727 for a similar bypass in Go's `crypto/x509`.

## Remediation

Users should upgrade to 46.0.6 or newer. 

## Attribution

Reporter: @1seal
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34073.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34073.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34073
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.05951
published_at 2026-04-18T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.0594
published_at 2026-04-16T12:55:00Z
2
value 0.00022
scoring_system epss
scoring_elements 0.05975
published_at 2026-04-13T12:55:00Z
3
value 0.00022
scoring_system epss
scoring_elements 0.05985
published_at 2026-04-12T12:55:00Z
4
value 0.00022
scoring_system epss
scoring_elements 0.05994
published_at 2026-04-11T12:55:00Z
5
value 0.00022
scoring_system epss
scoring_elements 0.06012
published_at 2026-04-09T12:55:00Z
6
value 0.00022
scoring_system epss
scoring_elements 0.05934
published_at 2026-04-07T12:55:00Z
7
value 0.00022
scoring_system epss
scoring_elements 0.05972
published_at 2026-04-08T12:55:00Z
8
value 0.00023
scoring_system epss
scoring_elements 0.06218
published_at 2026-04-02T12:55:00Z
9
value 0.00023
scoring_system epss
scoring_elements 0.06249
published_at 2026-04-04T12:55:00Z
10
value 9e-05
scoring_system epss
scoring_elements 0.0084
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34073
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34073
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34073
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
5
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:50:17Z/
url https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34073
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34073
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2453276
reference_id 2453276
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2453276
8
reference_url https://github.com/advisories/GHSA-m959-cc7f-wv43
reference_id GHSA-m959-cc7f-wv43
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m959-cc7f-wv43
9
reference_url https://access.redhat.com/errata/RHSA-2026:7295
reference_id RHSA-2026:7295
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7295
fixed_packages
0
url pkg:deb/debian/python-cryptography@46.0.6-1
purl pkg:deb/debian/python-cryptography@46.0.6-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-za3q-wwzc-qbgv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@46.0.6-1
1
url pkg:deb/debian/python-cryptography@46.0.7-1
purl pkg:deb/debian/python-cryptography@46.0.7-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@46.0.7-1
aliases CVE-2026-34073, GHSA-m959-cc7f-wv43
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rgsr-9wpx-qqg6
2
url VCID-x7vf-dyab-qbhq
vulnerability_id VCID-x7vf-dyab-qbhq
summary 
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50782.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50782.json
1
reference_url https://access.redhat.com/security/cve/CVE-2023-50782
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-15T16:14:33Z/
url https://access.redhat.com/security/cve/CVE-2023-50782
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-50782
reference_id
reference_type
scores
0
value 0.00855
scoring_system epss
scoring_elements 0.74977
published_at 2026-04-11T12:55:00Z
1
value 0.00855
scoring_system epss
scoring_elements 0.74981
published_at 2026-04-21T12:55:00Z
2
value 0.00855
scoring_system epss
scoring_elements 0.7499
published_at 2026-04-18T12:55:00Z
3
value 0.00855
scoring_system epss
scoring_elements 0.74983
published_at 2026-04-16T12:55:00Z
4
value 0.00855
scoring_system epss
scoring_elements 0.74946
published_at 2026-04-13T12:55:00Z
5
value 0.00855
scoring_system epss
scoring_elements 0.74956
published_at 2026-04-12T12:55:00Z
6
value 0.00855
scoring_system epss
scoring_elements 0.74907
published_at 2026-04-02T12:55:00Z
7
value 0.00855
scoring_system epss
scoring_elements 0.74935
published_at 2026-04-04T12:55:00Z
8
value 0.00855
scoring_system epss
scoring_elements 0.74909
published_at 2026-04-07T12:55:00Z
9
value 0.00855
scoring_system epss
scoring_elements 0.74942
published_at 2026-04-08T12:55:00Z
10
value 0.00855
scoring_system epss
scoring_elements 0.74954
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-50782
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2254432
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-15T16:14:33Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2254432
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50782
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50782
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
7
reference_url https://github.com/pyca/cryptography/issues/9785
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/issues/9785
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50782
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-50782
9
reference_url https://www.couchbase.com/alerts
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.couchbase.com/alerts
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059308
reference_id 1059308
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059308
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2
reference_id cpe:/a:redhat:ansible_automation_platform:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhui:4::el8
reference_id cpe:/a:redhat:rhui:4::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhui:4::el8
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
reference_id cpe:/a:redhat:satellite:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
17
reference_url https://github.com/advisories/GHSA-3ww4-gg4f-jr7f
reference_id GHSA-3ww4-gg4f-jr7f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3ww4-gg4f-jr7f
18
reference_url https://usn.ubuntu.com/6673-1/
reference_id USN-6673-1
reference_type
scores
url https://usn.ubuntu.com/6673-1/
19
reference_url https://usn.ubuntu.com/6673-2/
reference_id USN-6673-2
reference_type
scores
url https://usn.ubuntu.com/6673-2/
fixed_packages
0
url pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1
purl pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rgsr-9wpx-qqg6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@43.0.0-3%252Bdeb13u1
aliases CVE-2023-50782, GHSA-3ww4-gg4f-jr7f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x7vf-dyab-qbhq
Fixing_vulnerabilities
0
url VCID-48jq-1u5d-tkan
vulnerability_id VCID-48jq-1u5d-tkan
summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49083.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49083.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49083
reference_id
reference_type
scores
0
value 0.00909
scoring_system epss
scoring_elements 0.75802
published_at 2026-04-21T12:55:00Z
1
value 0.01289
scoring_system epss
scoring_elements 0.79648
published_at 2026-04-08T12:55:00Z
2
value 0.01289
scoring_system epss
scoring_elements 0.79656
published_at 2026-04-09T12:55:00Z
3
value 0.01289
scoring_system epss
scoring_elements 0.79611
published_at 2026-04-02T12:55:00Z
4
value 0.01289
scoring_system epss
scoring_elements 0.79682
published_at 2026-04-18T12:55:00Z
5
value 0.01289
scoring_system epss
scoring_elements 0.79634
published_at 2026-04-04T12:55:00Z
6
value 0.01289
scoring_system epss
scoring_elements 0.79653
published_at 2026-04-13T12:55:00Z
7
value 0.01289
scoring_system epss
scoring_elements 0.79661
published_at 2026-04-12T12:55:00Z
8
value 0.01289
scoring_system epss
scoring_elements 0.79677
published_at 2026-04-11T12:55:00Z
9
value 0.01289
scoring_system epss
scoring_elements 0.7962
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49083
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49083
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49083
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
5
reference_url https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:31:36Z/
url https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a
6
reference_url https://github.com/pyca/cryptography/pull/9926
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:31:36Z/
url https://github.com/pyca/cryptography/pull/9926
7
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:31:36Z/
url https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-254.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-254.yaml
9
reference_url https://lists.debian.org/debian-lts-announce/2024/10/msg00012.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/10/msg00012.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:31:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV/
12
reference_url http://www.openwall.com/lists/oss-security/2023/11/29/2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/11/29/2
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057108
reference_id 1057108
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057108
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2255331
reference_id 2255331
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2255331
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49083
reference_id CVE-2023-49083
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49083
16
reference_url https://github.com/advisories/GHSA-jfhm-5ghh-2f97
reference_id GHSA-jfhm-5ghh-2f97
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jfhm-5ghh-2f97
17
reference_url https://security.gentoo.org/glsa/202407-06
reference_id GLSA-202407-06
reference_type
scores
url https://security.gentoo.org/glsa/202407-06
18
reference_url https://access.redhat.com/errata/RHSA-2024:10965
reference_id RHSA-2024:10965
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10965
19
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
20
reference_url https://access.redhat.com/errata/RHSA-2024:2337
reference_id RHSA-2024:2337
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2337
21
reference_url https://access.redhat.com/errata/RHSA-2024:3105
reference_id RHSA-2024:3105
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3105
22
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
23
reference_url https://access.redhat.com/errata/RHSA-2025:13098
reference_id RHSA-2025:13098
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13098
24
reference_url https://access.redhat.com/errata/RHSA-2025:13100
reference_id RHSA-2025:13100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13100
25
reference_url https://access.redhat.com/errata/RHSA-2025:13101
reference_id RHSA-2025:13101
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13101
26
reference_url https://access.redhat.com/errata/RHSA-2025:13102
reference_id RHSA-2025:13102
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13102
27
reference_url https://access.redhat.com/errata/RHSA-2025:13103
reference_id RHSA-2025:13103
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13103
28
reference_url https://access.redhat.com/errata/RHSA-2025:13104
reference_id RHSA-2025:13104
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13104
29
reference_url https://access.redhat.com/errata/RHSA-2025:14553
reference_id RHSA-2025:14553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14553
30
reference_url https://access.redhat.com/errata/RHSA-2025:15874
reference_id RHSA-2025:15874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15874
31
reference_url https://usn.ubuntu.com/6539-1/
reference_id USN-6539-1
reference_type
scores
url https://usn.ubuntu.com/6539-1/
fixed_packages
0
url pkg:deb/debian/python-cryptography@38.0.4-3%2Bdeb12u1
purl pkg:deb/debian/python-cryptography@38.0.4-3%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f44c-ygbw-bufn
1
vulnerability VCID-rgsr-9wpx-qqg6
2
vulnerability VCID-x7vf-dyab-qbhq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@38.0.4-3%252Bdeb12u1
aliases CVE-2023-49083, GHSA-jfhm-5ghh-2f97, PYSEC-2023-254
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48jq-1u5d-tkan
1
url VCID-u4f5-k68d-wfd1
vulnerability_id VCID-u4f5-k68d-wfd1
summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23931.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23931.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23931
reference_id
reference_type
scores
0
value 0.00688
scoring_system epss
scoring_elements 0.71745
published_at 2026-04-21T12:55:00Z
1
value 0.00804
scoring_system epss
scoring_elements 0.74169
published_at 2026-04-16T12:55:00Z
2
value 0.00804
scoring_system epss
scoring_elements 0.74131
published_at 2026-04-13T12:55:00Z
3
value 0.00804
scoring_system epss
scoring_elements 0.74137
published_at 2026-04-12T12:55:00Z
4
value 0.00804
scoring_system epss
scoring_elements 0.74155
published_at 2026-04-11T12:55:00Z
5
value 0.00804
scoring_system epss
scoring_elements 0.74134
published_at 2026-04-09T12:55:00Z
6
value 0.00804
scoring_system epss
scoring_elements 0.74086
published_at 2026-04-07T12:55:00Z
7
value 0.00804
scoring_system epss
scoring_elements 0.74119
published_at 2026-04-08T12:55:00Z
8
value 0.00804
scoring_system epss
scoring_elements 0.74177
published_at 2026-04-18T12:55:00Z
9
value 0.00804
scoring_system epss
scoring_elements 0.74114
published_at 2026-04-04T12:55:00Z
10
value 0.00804
scoring_system epss
scoring_elements 0.74087
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23931
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23931
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23931
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
5
reference_url https://github.com/pyca/cryptography/commit/d6951dca25de45abd52da51b608055371fbcde4e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/commit/d6951dca25de45abd52da51b608055371fbcde4e
6
reference_url https://github.com/pyca/cryptography/pull/8230
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/pull/8230
7
reference_url https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:11Z/
url https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3
8
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:11Z/
url https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-11.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-11.yaml
10
reference_url https://lists.debian.org/debian-lts-announce/2024/10/msg00012.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/10/msg00012.html
11
reference_url https://security.netapp.com/advisory/ntap-20230324-0007
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230324-0007
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031049
reference_id 1031049
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031049
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2171817
reference_id 2171817
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2171817
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-23931
reference_id CVE-2023-23931
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-23931
15
reference_url https://github.com/advisories/GHSA-w7pp-m8wf-vj6r
reference_id GHSA-w7pp-m8wf-vj6r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w7pp-m8wf-vj6r
16
reference_url https://security.gentoo.org/glsa/202407-06
reference_id GLSA-202407-06
reference_type
scores
url https://security.gentoo.org/glsa/202407-06
17
reference_url https://access.redhat.com/errata/RHSA-2023:4693
reference_id RHSA-2023:4693
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4693
18
reference_url https://access.redhat.com/errata/RHSA-2023:4971
reference_id RHSA-2023:4971
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4971
19
reference_url https://access.redhat.com/errata/RHSA-2023:6615
reference_id RHSA-2023:6615
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6615
20
reference_url https://access.redhat.com/errata/RHSA-2023:6793
reference_id RHSA-2023:6793
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6793
21
reference_url https://access.redhat.com/errata/RHSA-2023:7096
reference_id RHSA-2023:7096
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7096
22
reference_url https://access.redhat.com/errata/RHSA-2023:7341
reference_id RHSA-2023:7341
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7341
23
reference_url https://access.redhat.com/errata/RHSA-2024:2985
reference_id RHSA-2024:2985
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2985
24
reference_url https://usn.ubuntu.com/6539-1/
reference_id USN-6539-1
reference_type
scores
url https://usn.ubuntu.com/6539-1/
fixed_packages
0
url pkg:deb/debian/python-cryptography@38.0.4-3%2Bdeb12u1
purl pkg:deb/debian/python-cryptography@38.0.4-3%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f44c-ygbw-bufn
1
vulnerability VCID-rgsr-9wpx-qqg6
2
vulnerability VCID-x7vf-dyab-qbhq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@38.0.4-3%252Bdeb12u1
aliases CVE-2023-23931, GHSA-w7pp-m8wf-vj6r, PYSEC-2023-11
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u4f5-k68d-wfd1
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@38.0.4-3%252Bdeb12u1