Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/python-cryptography@46.0.7-1?distro=trixie
Typedeb
Namespacedebian
Namepython-cryptography
Version46.0.7-1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-67ns-x8ut-cbdc
vulnerability_id VCID-67ns-x8ut-cbdc
summary The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38325.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38325.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38325
reference_id
reference_type
scores
0
value 0.01168
scoring_system epss
scoring_elements 0.79014
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38325
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
4
reference_url https://github.com/pyca/cryptography/commit/1ca7adc97b76a9dfbd3d850628b613eb93b78fc3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/commit/1ca7adc97b76a9dfbd3d850628b613eb93b78fc3
5
reference_url https://github.com/pyca/cryptography/compare/41.0.1...41.0.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:00:20Z/
url https://github.com/pyca/cryptography/compare/41.0.1...41.0.2
6
reference_url https://github.com/pyca/cryptography/issues/9207
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:00:20Z/
url https://github.com/pyca/cryptography/issues/9207
7
reference_url https://github.com/pyca/cryptography/pull/7960
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/pull/7960
8
reference_url https://github.com/pyca/cryptography/pull/9208
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:00:20Z/
url https://github.com/pyca/cryptography/pull/9208
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-112.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-112.yaml
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK
12
reference_url https://pypi.org/project/cryptography/#history
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:00:20Z/
url https://pypi.org/project/cryptography/#history
13
reference_url https://security.netapp.com/advisory/ntap-20230824-0010
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230824-0010
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2231271
reference_id 2231271
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2231271
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38325
reference_id CVE-2023-38325
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-38325
16
reference_url https://github.com/advisories/GHSA-cf7p-gm2m-833m
reference_id GHSA-cf7p-gm2m-833m
reference_type
scores
url https://github.com/advisories/GHSA-cf7p-gm2m-833m
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK/
reference_id NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:00:20Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK/
18
reference_url https://security.netapp.com/advisory/ntap-20230824-0010/
reference_id ntap-20230824-0010
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:00:20Z/
url https://security.netapp.com/advisory/ntap-20230824-0010/
fixed_packages
0
url pkg:deb/debian/python-cryptography@0?distro=trixie
purl pkg:deb/debian/python-cryptography@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@0%3Fdistro=trixie
1
url pkg:deb/debian/python-cryptography@3.3.2-1?distro=trixie
purl pkg:deb/debian/python-cryptography@3.3.2-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ac2f-9mbb-pyeh
1
vulnerability VCID-gyar-9xau-nba1
2
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@3.3.2-1%3Fdistro=trixie
2
url pkg:deb/debian/python-cryptography@38.0.4-3%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-cryptography@38.0.4-3%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ac2f-9mbb-pyeh
1
vulnerability VCID-gyar-9xau-nba1
2
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@38.0.4-3%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@43.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/python-cryptography@46.0.7-1?distro=trixie
purl pkg:deb/debian/python-cryptography@46.0.7-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@46.0.7-1%3Fdistro=trixie
aliases CVE-2023-38325, GHSA-cf7p-gm2m-833m, PYSEC-2023-112
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-67ns-x8ut-cbdc
1
url VCID-8kj7-du9v-uugw
vulnerability_id VCID-8kj7-du9v-uugw
summary HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9243.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9243.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-9243
reference_id
reference_type
scores
0
value 0.0165
scoring_system epss
scoring_elements 0.82377
published_at 2026-06-05T12:55:00Z
1
value 0.0165
scoring_system epss
scoring_elements 0.82348
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-9243
2
reference_url https://cryptography.io/en/latest/changelog
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://cryptography.io/en/latest/changelog
3
reference_url https://cryptography.io/en/latest/changelog/#v1-5-3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://cryptography.io/en/latest/changelog/#v1-5-3
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9243
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9243
5
reference_url https://github.com/advisories/GHSA-q3cj-2r34-2cwc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-q3cj-2r34-2cwc
6
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
7
reference_url https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874
8
reference_url https://github.com/pyca/cryptography/issues/3211
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/issues/3211
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2017-8.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2017-8.yaml
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT/
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-9243
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-9243
20
reference_url http://www.openwall.com/lists/oss-security/2016/11/09/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/11/09/2
21
reference_url http://www.securityfocus.com/bid/94216
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/94216
22
reference_url http://www.ubuntu.com/usn/USN-3138-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-3138-1
23
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1393431
reference_id 1393431
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1393431
24
reference_url https://usn.ubuntu.com/3138-1/
reference_id USN-3138-1
reference_type
scores
url https://usn.ubuntu.com/3138-1/
fixed_packages
0
url pkg:deb/debian/python-cryptography@1.5.3-1?distro=trixie
purl pkg:deb/debian/python-cryptography@1.5.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@1.5.3-1%3Fdistro=trixie
1
url pkg:deb/debian/python-cryptography@3.3.2-1?distro=trixie
purl pkg:deb/debian/python-cryptography@3.3.2-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ac2f-9mbb-pyeh
1
vulnerability VCID-gyar-9xau-nba1
2
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@3.3.2-1%3Fdistro=trixie
2
url pkg:deb/debian/python-cryptography@38.0.4-3%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-cryptography@38.0.4-3%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ac2f-9mbb-pyeh
1
vulnerability VCID-gyar-9xau-nba1
2
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@38.0.4-3%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@43.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/python-cryptography@46.0.7-1?distro=trixie
purl pkg:deb/debian/python-cryptography@46.0.7-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@46.0.7-1%3Fdistro=trixie
aliases CVE-2016-9243, GHSA-q3cj-2r34-2cwc, PYSEC-2017-8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8kj7-du9v-uugw
2
url VCID-ac2f-9mbb-pyeh
vulnerability_id VCID-ac2f-9mbb-pyeh
summary 
cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
The `public_key_from_numbers` (or `EllipticCurvePublicNumbers.public_key()`), `EllipticCurvePublicNumbers.public_key()`, `load_der_public_key()` and `load_pem_public_key()` functions do not verify that the point belongs to the expected prime-order subgroup of the curve.

This missing validation allows an attacker to provide a public key point `P` from a small-order subgroup.  This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as `S = [victim_private_key]P` via ECDH,  this leaks information about `victim_private_key mod (small_subgroup_order)`. For curves with cofactor > 1, this reveals the least significant bits of the private key.  When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup.

Only SECT curves are impacted by this.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26007.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26007.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26007
reference_id
reference_type
scores
0
value 9e-05
scoring_system epss
scoring_elements 0.00972
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26007
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26007
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26007
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
5
reference_url https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:28:38Z/
url https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c
6
reference_url https://github.com/pyca/cryptography/releases/tag/46.0.5
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/releases/tag/46.0.5
7
reference_url http://www.openwall.com/lists/oss-security/2026/02/10/4
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/02/10/4
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127926
reference_id 1127926
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127926
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2438762
reference_id 2438762
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2438762
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-26007
reference_id CVE-2026-26007
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-26007
11
reference_url https://github.com/advisories/GHSA-r6ph-v2qm-q3c2
reference_id GHSA-r6ph-v2qm-q3c2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r6ph-v2qm-q3c2
12
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2
reference_id GHSA-r6ph-v2qm-q3c2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:28:38Z/
url https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2
13
reference_url https://access.redhat.com/errata/RHSA-2026:10184
reference_id RHSA-2026:10184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10184
14
reference_url https://access.redhat.com/errata/RHSA-2026:12176
reference_id RHSA-2026:12176
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:12176
15
reference_url https://access.redhat.com/errata/RHSA-2026:13512
reference_id RHSA-2026:13512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13512
16
reference_url https://access.redhat.com/errata/RHSA-2026:13545
reference_id RHSA-2026:13545
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13545
17
reference_url https://access.redhat.com/errata/RHSA-2026:13553
reference_id RHSA-2026:13553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13553
18
reference_url https://access.redhat.com/errata/RHSA-2026:13672
reference_id RHSA-2026:13672
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:13672
19
reference_url https://access.redhat.com/errata/RHSA-2026:19355
reference_id RHSA-2026:19355
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19355
20
reference_url https://access.redhat.com/errata/RHSA-2026:21431
reference_id RHSA-2026:21431
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21431
21
reference_url https://access.redhat.com/errata/RHSA-2026:21517
reference_id RHSA-2026:21517
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21517
22
reference_url https://access.redhat.com/errata/RHSA-2026:22330
reference_id RHSA-2026:22330
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22330
23
reference_url https://access.redhat.com/errata/RHSA-2026:22993
reference_id RHSA-2026:22993
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22993
24
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
25
reference_url https://access.redhat.com/errata/RHSA-2026:5168
reference_id RHSA-2026:5168
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5168
26
reference_url https://access.redhat.com/errata/RHSA-2026:5665
reference_id RHSA-2026:5665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5665
27
reference_url https://access.redhat.com/errata/RHSA-2026:6308
reference_id RHSA-2026:6308
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6308
28
reference_url https://access.redhat.com/errata/RHSA-2026:6309
reference_id RHSA-2026:6309
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6309
29
reference_url https://access.redhat.com/errata/RHSA-2026:6404
reference_id RHSA-2026:6404
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6404
30
reference_url https://access.redhat.com/errata/RHSA-2026:6497
reference_id RHSA-2026:6497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6497
31
reference_url https://access.redhat.com/errata/RHSA-2026:6567
reference_id RHSA-2026:6567
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6567
32
reference_url https://access.redhat.com/errata/RHSA-2026:6568
reference_id RHSA-2026:6568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6568
33
reference_url https://access.redhat.com/errata/RHSA-2026:7295
reference_id RHSA-2026:7295
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7295
34
reference_url https://usn.ubuntu.com/8087-1/
reference_id USN-8087-1
reference_type
scores
url https://usn.ubuntu.com/8087-1/
35
reference_url https://usn.ubuntu.com/8087-3/
reference_id USN-8087-3
reference_type
scores
url https://usn.ubuntu.com/8087-3/
fixed_packages
0
url pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@43.0.0-3%252Bdeb13u1%3Fdistro=trixie
1
url pkg:deb/debian/python-cryptography@46.0.5-1?distro=trixie
purl pkg:deb/debian/python-cryptography@46.0.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@46.0.5-1%3Fdistro=trixie
2
url pkg:deb/debian/python-cryptography@46.0.7-1?distro=trixie
purl pkg:deb/debian/python-cryptography@46.0.7-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@46.0.7-1%3Fdistro=trixie
aliases CVE-2026-26007, GHSA-r6ph-v2qm-q3c2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ac2f-9mbb-pyeh
3
url VCID-dzvc-j4et-ukgu
vulnerability_id VCID-dzvc-j4et-ukgu
summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26130.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26130.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26130
reference_id
reference_type
scores
0
value 0.00437
scoring_system epss
scoring_elements 0.63446
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26130
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
4
reference_url https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-14T19:56:07Z/
url https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55
5
reference_url https://github.com/pyca/cryptography/pull/10423
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-14T19:56:07Z/
url https://github.com/pyca/cryptography/pull/10423
6
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-14T19:56:07Z/
url https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2024-225.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2024-225.yaml
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064778
reference_id 1064778
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064778
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2269617
reference_id 2269617
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2269617
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26130
reference_id CVE-2024-26130
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26130
11
reference_url https://github.com/advisories/GHSA-6vqw-3v5j-54x4
reference_id GHSA-6vqw-3v5j-54x4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6vqw-3v5j-54x4
12
reference_url https://security.gentoo.org/glsa/202407-06
reference_id GLSA-202407-06
reference_type
scores
url https://security.gentoo.org/glsa/202407-06
13
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
14
reference_url https://access.redhat.com/errata/RHSA-2024:7987
reference_id RHSA-2024:7987
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7987
15
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
16
reference_url https://access.redhat.com/errata/RHSA-2025:15608
reference_id RHSA-2025:15608
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15608
17
reference_url https://usn.ubuntu.com/6673-1/
reference_id USN-6673-1
reference_type
scores
url https://usn.ubuntu.com/6673-1/
18
reference_url https://usn.ubuntu.com/6673-3/
reference_id USN-6673-3
reference_type
scores
url https://usn.ubuntu.com/6673-3/
fixed_packages
0
url pkg:deb/debian/python-cryptography@0?distro=trixie
purl pkg:deb/debian/python-cryptography@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@0%3Fdistro=trixie
1
url pkg:deb/debian/python-cryptography@3.3.2-1?distro=trixie
purl pkg:deb/debian/python-cryptography@3.3.2-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ac2f-9mbb-pyeh
1
vulnerability VCID-gyar-9xau-nba1
2
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@3.3.2-1%3Fdistro=trixie
2
url pkg:deb/debian/python-cryptography@38.0.4-3%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-cryptography@38.0.4-3%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ac2f-9mbb-pyeh
1
vulnerability VCID-gyar-9xau-nba1
2
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@38.0.4-3%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-cryptography@42.0.5-1?distro=trixie
purl pkg:deb/debian/python-cryptography@42.0.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@42.0.5-1%3Fdistro=trixie
4
url pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@43.0.0-3%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/python-cryptography@46.0.7-1?distro=trixie
purl pkg:deb/debian/python-cryptography@46.0.7-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@46.0.7-1%3Fdistro=trixie
aliases CVE-2024-26130, GHSA-6vqw-3v5j-54x4, PYSEC-2024-225
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dzvc-j4et-ukgu
4
url VCID-gyar-9xau-nba1
vulnerability_id VCID-gyar-9xau-nba1
summary 
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50782.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50782.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-50782
reference_id
reference_type
scores
0
value 0.00879
scoring_system epss
scoring_elements 0.75718
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-50782
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2254432
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-15T16:14:33Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2254432
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50782
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50782
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
6
reference_url https://github.com/pyca/cryptography/issues/9785
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/issues/9785
7
reference_url https://www.couchbase.com/alerts
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.couchbase.com/alerts
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059308
reference_id 1059308
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059308
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2
reference_id cpe:/a:redhat:ansible_automation_platform:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhui:4::el8
reference_id cpe:/a:redhat:rhui:4::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhui:4::el8
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
reference_id cpe:/a:redhat:satellite:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
15
reference_url https://access.redhat.com/security/cve/CVE-2023-50782
reference_id CVE-2023-50782
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-15T16:14:33Z/
url https://access.redhat.com/security/cve/CVE-2023-50782
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50782
reference_id CVE-2023-50782
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-50782
17
reference_url https://github.com/advisories/GHSA-3ww4-gg4f-jr7f
reference_id GHSA-3ww4-gg4f-jr7f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3ww4-gg4f-jr7f
18
reference_url https://usn.ubuntu.com/6673-1/
reference_id USN-6673-1
reference_type
scores
url https://usn.ubuntu.com/6673-1/
19
reference_url https://usn.ubuntu.com/6673-2/
reference_id USN-6673-2
reference_type
scores
url https://usn.ubuntu.com/6673-2/
fixed_packages
0
url pkg:deb/debian/python-cryptography@42.0.5-1?distro=trixie
purl pkg:deb/debian/python-cryptography@42.0.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@42.0.5-1%3Fdistro=trixie
1
url pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@43.0.0-3%252Bdeb13u1%3Fdistro=trixie
2
url pkg:deb/debian/python-cryptography@46.0.7-1?distro=trixie
purl pkg:deb/debian/python-cryptography@46.0.7-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@46.0.7-1%3Fdistro=trixie
aliases CVE-2023-50782, GHSA-3ww4-gg4f-jr7f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gyar-9xau-nba1
5
url VCID-hvcn-tmdz-m3ct
vulnerability_id VCID-hvcn-tmdz-m3ct
summary A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:3600
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3600
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10903.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10903.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-10903
reference_id
reference_type
scores
0
value 0.00239
scoring_system epss
scoring_elements 0.4718
published_at 2026-06-04T12:55:00Z
1
value 0.00239
scoring_system epss
scoring_elements 0.47245
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-10903
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10903
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10903
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-fcf9-3qw3-gxmj
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-fcf9-3qw3-gxmj
7
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
8
reference_url https://github.com/pyca/cryptography/commit/d4378e42937b56f473ddade2667f919ce32208cb
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/commit/d4378e42937b56f473ddade2667f919ce32208cb
9
reference_url https://github.com/pyca/cryptography/pull/4342
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/pull/4342
10
reference_url https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef
reference_id
reference_type
scores
url https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2018-52.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2018-52.yaml
12
reference_url https://usn.ubuntu.com/3720-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3720-1
13
reference_url https://usn.ubuntu.com/3720-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3720-1/
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1602931
reference_id 1602931
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1602931
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904072
reference_id 904072
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904072
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-10903
reference_id CVE-2018-10903
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-10903
fixed_packages
0
url pkg:deb/debian/python-cryptography@2.3-1?distro=trixie
purl pkg:deb/debian/python-cryptography@2.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@2.3-1%3Fdistro=trixie
1
url pkg:deb/debian/python-cryptography@3.3.2-1?distro=trixie
purl pkg:deb/debian/python-cryptography@3.3.2-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ac2f-9mbb-pyeh
1
vulnerability VCID-gyar-9xau-nba1
2
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@3.3.2-1%3Fdistro=trixie
2
url pkg:deb/debian/python-cryptography@38.0.4-3%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-cryptography@38.0.4-3%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ac2f-9mbb-pyeh
1
vulnerability VCID-gyar-9xau-nba1
2
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@38.0.4-3%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@43.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/python-cryptography@46.0.7-1?distro=trixie
purl pkg:deb/debian/python-cryptography@46.0.7-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@46.0.7-1%3Fdistro=trixie
aliases CVE-2018-10903, GHSA-fcf9-3qw3-gxmj, PYSEC-2018-52
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hvcn-tmdz-m3ct
6
url VCID-jksg-v3x3-z3d3
vulnerability_id VCID-jksg-v3x3-z3d3
summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com. This issue has been patched in version 46.0.6.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34073.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34073.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34073
reference_id
reference_type
scores
0
value 9e-05
scoring_system epss
scoring_elements 0.01023
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34073
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34073
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34073
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
5
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:50:17Z/
url https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34073
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34073
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2453276
reference_id 2453276
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2453276
8
reference_url https://github.com/advisories/GHSA-m959-cc7f-wv43
reference_id GHSA-m959-cc7f-wv43
reference_type
scores
url https://github.com/advisories/GHSA-m959-cc7f-wv43
9
reference_url https://access.redhat.com/errata/RHSA-2026:7295
reference_id RHSA-2026:7295
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7295
fixed_packages
0
url pkg:deb/debian/python-cryptography@46.0.6-1?distro=trixie
purl pkg:deb/debian/python-cryptography@46.0.6-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@46.0.6-1%3Fdistro=trixie
1
url pkg:deb/debian/python-cryptography@46.0.7-1?distro=trixie
purl pkg:deb/debian/python-cryptography@46.0.7-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@46.0.7-1%3Fdistro=trixie
aliases CVE-2026-34073, GHSA-m959-cc7f-wv43, PYSEC-2026-35
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jksg-v3x3-z3d3
7
url VCID-n7hx-bfnn-5kgc
vulnerability_id VCID-n7hx-bfnn-5kgc
summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49083.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49083.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49083
reference_id
reference_type
scores
0
value 0.01255
scoring_system epss
scoring_elements 0.79728
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49083
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49083
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49083
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
5
reference_url https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:31:36Z/
url https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a
6
reference_url https://github.com/pyca/cryptography/pull/9926
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:31:36Z/
url https://github.com/pyca/cryptography/pull/9926
7
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:31:36Z/
url https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-254.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-254.yaml
9
reference_url https://lists.debian.org/debian-lts-announce/2024/10/msg00012.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/10/msg00012.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:31:36Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV/
12
reference_url http://www.openwall.com/lists/oss-security/2023/11/29/2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/11/29/2
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057108
reference_id 1057108
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057108
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2255331
reference_id 2255331
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2255331
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49083
reference_id CVE-2023-49083
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49083
16
reference_url https://github.com/advisories/GHSA-jfhm-5ghh-2f97
reference_id GHSA-jfhm-5ghh-2f97
reference_type
scores
url https://github.com/advisories/GHSA-jfhm-5ghh-2f97
17
reference_url https://security.gentoo.org/glsa/202407-06
reference_id GLSA-202407-06
reference_type
scores
url https://security.gentoo.org/glsa/202407-06
18
reference_url https://access.redhat.com/errata/RHSA-2024:10965
reference_id RHSA-2024:10965
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10965
19
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
20
reference_url https://access.redhat.com/errata/RHSA-2024:2337
reference_id RHSA-2024:2337
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2337
21
reference_url https://access.redhat.com/errata/RHSA-2024:3105
reference_id RHSA-2024:3105
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3105
22
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
23
reference_url https://access.redhat.com/errata/RHSA-2025:13098
reference_id RHSA-2025:13098
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13098
24
reference_url https://access.redhat.com/errata/RHSA-2025:13100
reference_id RHSA-2025:13100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13100
25
reference_url https://access.redhat.com/errata/RHSA-2025:13101
reference_id RHSA-2025:13101
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13101
26
reference_url https://access.redhat.com/errata/RHSA-2025:13102
reference_id RHSA-2025:13102
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13102
27
reference_url https://access.redhat.com/errata/RHSA-2025:13103
reference_id RHSA-2025:13103
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13103
28
reference_url https://access.redhat.com/errata/RHSA-2025:13104
reference_id RHSA-2025:13104
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13104
29
reference_url https://access.redhat.com/errata/RHSA-2025:14553
reference_id RHSA-2025:14553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14553
30
reference_url https://access.redhat.com/errata/RHSA-2025:15874
reference_id RHSA-2025:15874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15874
31
reference_url https://usn.ubuntu.com/6539-1/
reference_id USN-6539-1
reference_type
scores
url https://usn.ubuntu.com/6539-1/
fixed_packages
0
url pkg:deb/debian/python-cryptography@3.3.2-1?distro=trixie
purl pkg:deb/debian/python-cryptography@3.3.2-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ac2f-9mbb-pyeh
1
vulnerability VCID-gyar-9xau-nba1
2
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@3.3.2-1%3Fdistro=trixie
1
url pkg:deb/debian/python-cryptography@3.3.2-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/python-cryptography@3.3.2-1%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@3.3.2-1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/python-cryptography@38.0.4-3%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-cryptography@38.0.4-3%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ac2f-9mbb-pyeh
1
vulnerability VCID-gyar-9xau-nba1
2
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@38.0.4-3%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-cryptography@41.0.7-1?distro=trixie
purl pkg:deb/debian/python-cryptography@41.0.7-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@41.0.7-1%3Fdistro=trixie
4
url pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@43.0.0-3%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/python-cryptography@46.0.7-1?distro=trixie
purl pkg:deb/debian/python-cryptography@46.0.7-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@46.0.7-1%3Fdistro=trixie
aliases CVE-2023-49083, GHSA-jfhm-5ghh-2f97, PYSEC-2023-254
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n7hx-bfnn-5kgc
8
url VCID-ra23-bf9w-2ugf
vulnerability_id VCID-ra23-bf9w-2ugf
summary In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36242.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36242.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36242
reference_id
reference_type
scores
0
value 0.01575
scoring_system epss
scoring_elements 0.81882
published_at 2026-06-04T12:55:00Z
1
value 0.01575
scoring_system epss
scoring_elements 0.81916
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36242
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36242
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36242
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-rhm9-p9w5-fwm7
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rhm9-p9w5-fwm7
5
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
6
reference_url https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst
7
reference_url https://github.com/pyca/cryptography/commit/82b6ce28389f0a317bc55ba2091a74b346db7cae
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/commit/82b6ce28389f0a317bc55ba2091a74b346db7cae
8
reference_url https://github.com/pyca/cryptography/compare/3.3.1...3.3.2
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/compare/3.3.1...3.3.2
9
reference_url https://github.com/pyca/cryptography/issues/5615
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/issues/5615
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2021-63.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2021-63.yaml
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7RGQLK4J5ZQFRLKCHVVG6BKZTUQMG7E
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7RGQLK4J5ZQFRLKCHVVG6BKZTUQMG7E
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7RGQLK4J5ZQFRLKCHVVG6BKZTUQMG7E
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7RGQLK4J5ZQFRLKCHVVG6BKZTUQMG7E
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7RGQLK4J5ZQFRLKCHVVG6BKZTUQMG7E/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7RGQLK4J5ZQFRLKCHVVG6BKZTUQMG7E/
14
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
15
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1926226
reference_id 1926226
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1926226
17
reference_url https://security.archlinux.org/ASA-202102-36
reference_id ASA-202102-36
reference_type
scores
url https://security.archlinux.org/ASA-202102-36
18
reference_url https://security.archlinux.org/AVG-1541
reference_id AVG-1541
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1541
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36242
reference_id CVE-2020-36242
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36242
20
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-rhm9-p9w5-fwm7
reference_id GHSA-rhm9-p9w5-fwm7
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/security/advisories/GHSA-rhm9-p9w5-fwm7
21
reference_url https://security.gentoo.org/glsa/202407-06
reference_id GLSA-202407-06
reference_type
scores
url https://security.gentoo.org/glsa/202407-06
22
reference_url https://access.redhat.com/errata/RHSA-2021:1608
reference_id RHSA-2021:1608
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1608
23
reference_url https://access.redhat.com/errata/RHSA-2021:2239
reference_id RHSA-2021:2239
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2239
fixed_packages
0
url pkg:deb/debian/python-cryptography@3.3.2-1?distro=trixie
purl pkg:deb/debian/python-cryptography@3.3.2-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ac2f-9mbb-pyeh
1
vulnerability VCID-gyar-9xau-nba1
2
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@3.3.2-1%3Fdistro=trixie
1
url pkg:deb/debian/python-cryptography@38.0.4-3%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-cryptography@38.0.4-3%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ac2f-9mbb-pyeh
1
vulnerability VCID-gyar-9xau-nba1
2
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@38.0.4-3%252Bdeb12u1%3Fdistro=trixie
2
url pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@43.0.0-3%252Bdeb13u1%3Fdistro=trixie
3
url pkg:deb/debian/python-cryptography@46.0.7-1?distro=trixie
purl pkg:deb/debian/python-cryptography@46.0.7-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@46.0.7-1%3Fdistro=trixie
aliases CVE-2020-36242, GHSA-rhm9-p9w5-fwm7, PYSEC-2021-63
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ra23-bf9w-2ugf
9
url VCID-u2xn-x2tc-jbd6
vulnerability_id VCID-u2xn-x2tc-jbd6
summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23931.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23931.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23931
reference_id
reference_type
scores
0
value 0.00688
scoring_system epss
scoring_elements 0.72164
published_at 2026-06-05T12:55:00Z
1
value 0.00688
scoring_system epss
scoring_elements 0.72123
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23931
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23931
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23931
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
5
reference_url https://github.com/pyca/cryptography/commit/d6951dca25de45abd52da51b608055371fbcde4e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/commit/d6951dca25de45abd52da51b608055371fbcde4e
6
reference_url https://github.com/pyca/cryptography/pull/8230
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/pull/8230
7
reference_url https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:11Z/
url https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3
8
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:11Z/
url https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-11.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-11.yaml
10
reference_url https://lists.debian.org/debian-lts-announce/2024/10/msg00012.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/10/msg00012.html
11
reference_url https://security.netapp.com/advisory/ntap-20230324-0007
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230324-0007
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031049
reference_id 1031049
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031049
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2171817
reference_id 2171817
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2171817
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-23931
reference_id CVE-2023-23931
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-23931
15
reference_url https://github.com/advisories/GHSA-w7pp-m8wf-vj6r
reference_id GHSA-w7pp-m8wf-vj6r
reference_type
scores
url https://github.com/advisories/GHSA-w7pp-m8wf-vj6r
16
reference_url https://security.gentoo.org/glsa/202407-06
reference_id GLSA-202407-06
reference_type
scores
url https://security.gentoo.org/glsa/202407-06
17
reference_url https://access.redhat.com/errata/RHSA-2023:4693
reference_id RHSA-2023:4693
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4693
18
reference_url https://access.redhat.com/errata/RHSA-2023:4971
reference_id RHSA-2023:4971
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4971
19
reference_url https://access.redhat.com/errata/RHSA-2023:6615
reference_id RHSA-2023:6615
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6615
20
reference_url https://access.redhat.com/errata/RHSA-2023:6793
reference_id RHSA-2023:6793
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6793
21
reference_url https://access.redhat.com/errata/RHSA-2023:7096
reference_id RHSA-2023:7096
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7096
22
reference_url https://access.redhat.com/errata/RHSA-2023:7341
reference_id RHSA-2023:7341
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7341
23
reference_url https://access.redhat.com/errata/RHSA-2024:2985
reference_id RHSA-2024:2985
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2985
24
reference_url https://usn.ubuntu.com/6539-1/
reference_id USN-6539-1
reference_type
scores
url https://usn.ubuntu.com/6539-1/
fixed_packages
0
url pkg:deb/debian/python-cryptography@3.3.2-1?distro=trixie
purl pkg:deb/debian/python-cryptography@3.3.2-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ac2f-9mbb-pyeh
1
vulnerability VCID-gyar-9xau-nba1
2
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@3.3.2-1%3Fdistro=trixie
1
url pkg:deb/debian/python-cryptography@3.3.2-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/python-cryptography@3.3.2-1%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@3.3.2-1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/python-cryptography@38.0.4-3?distro=trixie
purl pkg:deb/debian/python-cryptography@38.0.4-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@38.0.4-3%3Fdistro=trixie
3
url pkg:deb/debian/python-cryptography@38.0.4-3%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-cryptography@38.0.4-3%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ac2f-9mbb-pyeh
1
vulnerability VCID-gyar-9xau-nba1
2
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@38.0.4-3%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@43.0.0-3%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/python-cryptography@46.0.7-1?distro=trixie
purl pkg:deb/debian/python-cryptography@46.0.7-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@46.0.7-1%3Fdistro=trixie
aliases CVE-2023-23931, GHSA-w7pp-m8wf-vj6r, PYSEC-2023-11
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u2xn-x2tc-jbd6
10
url VCID-v56n-dpyv-rug7
vulnerability_id VCID-v56n-dpyv-rug7
summary python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25659.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25659.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25659
reference_id
reference_type
scores
0
value 0.0076
scoring_system epss
scoring_elements 0.73704
published_at 2026-06-04T12:55:00Z
1
value 0.0076
scoring_system epss
scoring_elements 0.73741
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25659
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25659
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25659
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-hggm-jpg3-v476
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hggm-jpg3-v476
5
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
6
reference_url https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494
7
reference_url https://github.com/pyca/cryptography/pull/5507
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/pull/5507
8
reference_url https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b
reference_id
reference_type
scores
url https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2021-62.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2021-62.yaml
10
reference_url https://pypi.org/project/cryptography
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/cryptography
11
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
12
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1889988
reference_id 1889988
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1889988
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973247
reference_id 973247
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973247
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25659
reference_id CVE-2020-25659
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25659
16
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-hggm-jpg3-v476
reference_id GHSA-hggm-jpg3-v476
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/security/advisories/GHSA-hggm-jpg3-v476
17
reference_url https://access.redhat.com/errata/RHSA-2021:1608
reference_id RHSA-2021:1608
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1608
18
reference_url https://access.redhat.com/errata/RHSA-2021:2239
reference_id RHSA-2021:2239
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2239
19
reference_url https://usn.ubuntu.com/4613-1/
reference_id USN-4613-1
reference_type
scores
url https://usn.ubuntu.com/4613-1/
fixed_packages
0
url pkg:deb/debian/python-cryptography@3.2.1-1?distro=trixie
purl pkg:deb/debian/python-cryptography@3.2.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@3.2.1-1%3Fdistro=trixie
1
url pkg:deb/debian/python-cryptography@3.3.2-1?distro=trixie
purl pkg:deb/debian/python-cryptography@3.3.2-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ac2f-9mbb-pyeh
1
vulnerability VCID-gyar-9xau-nba1
2
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@3.3.2-1%3Fdistro=trixie
2
url pkg:deb/debian/python-cryptography@38.0.4-3%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-cryptography@38.0.4-3%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ac2f-9mbb-pyeh
1
vulnerability VCID-gyar-9xau-nba1
2
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@38.0.4-3%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@43.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/python-cryptography@46.0.7-1?distro=trixie
purl pkg:deb/debian/python-cryptography@46.0.7-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@46.0.7-1%3Fdistro=trixie
aliases CVE-2020-25659, GHSA-hggm-jpg3-v476, PYSEC-2021-62
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v56n-dpyv-rug7
11
url VCID-z9ad-ts2t-1bdj
vulnerability_id VCID-z9ad-ts2t-1bdj
summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39892.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39892.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-39892
reference_id
reference_type
scores
0
value 0.00023
scoring_system epss
scoring_elements 0.06858
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-39892
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
4
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T19:41:57Z/
url https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-39892
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-39892
6
reference_url http://www.openwall.com/lists/oss-security/2026/04/08/12
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/08/12
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133076
reference_id 1133076
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133076
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2456735
reference_id 2456735
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2456735
9
reference_url https://github.com/advisories/GHSA-p423-j2cm-9vmq
reference_id GHSA-p423-j2cm-9vmq
reference_type
scores
url https://github.com/advisories/GHSA-p423-j2cm-9vmq
10
reference_url https://access.redhat.com/errata/RHSA-2026:19375
reference_id RHSA-2026:19375
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19375
11
reference_url https://access.redhat.com/errata/RHSA-2026:20338
reference_id RHSA-2026:20338
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20338
12
reference_url https://access.redhat.com/errata/RHSA-2026:21017
reference_id RHSA-2026:21017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21017
13
reference_url https://access.redhat.com/errata/RHSA-2026:22465
reference_id RHSA-2026:22465
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22465
14
reference_url https://access.redhat.com/errata/RHSA-2026:22629
reference_id RHSA-2026:22629
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22629
15
reference_url https://access.redhat.com/errata/RHSA-2026:22840
reference_id RHSA-2026:22840
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22840
16
reference_url https://access.redhat.com/errata/RHSA-2026:23361
reference_id RHSA-2026:23361
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:23361
17
reference_url https://access.redhat.com/errata/RHSA-2026:7295
reference_id RHSA-2026:7295
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7295
fixed_packages
0
url pkg:deb/debian/python-cryptography@0?distro=trixie
purl pkg:deb/debian/python-cryptography@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@0%3Fdistro=trixie
1
url pkg:deb/debian/python-cryptography@3.3.2-1?distro=trixie
purl pkg:deb/debian/python-cryptography@3.3.2-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ac2f-9mbb-pyeh
1
vulnerability VCID-gyar-9xau-nba1
2
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@3.3.2-1%3Fdistro=trixie
2
url pkg:deb/debian/python-cryptography@38.0.4-3%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-cryptography@38.0.4-3%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ac2f-9mbb-pyeh
1
vulnerability VCID-gyar-9xau-nba1
2
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@38.0.4-3%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jksg-v3x3-z3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@43.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/python-cryptography@46.0.7-1?distro=trixie
purl pkg:deb/debian/python-cryptography@46.0.7-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@46.0.7-1%3Fdistro=trixie
aliases CVE-2026-39892, GHSA-p423-j2cm-9vmq, PYSEC-2026-36
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z9ad-ts2t-1bdj
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/python-cryptography@46.0.7-1%3Fdistro=trixie