Lookup for vulnerable packages by Package URL.

Purl pkg:composer/phpseclib/phpseclib@2.0.28
Type composer
Namespace phpseclib
Name phpseclib
Version 2.0.28
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.0.52
Latest_non_vulnerable_version 3.0.51
Affected_by_vulnerabilities
0
url VCID-6xjw-f9xu-fkg8
vulnerability_id VCID-6xjw-f9xu-fkg8
summary
phpseclib a large prime can cause a denial of service
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27354
reference_id
reference_type
scores
0
value 0.00204
scoring_system epss
scoring_elements 0.42569
published_at 2026-04-08T12:55:00Z
1
value 0.00204
scoring_system epss
scoring_elements 0.4255
published_at 2026-04-02T12:55:00Z
2
value 0.00204
scoring_system epss
scoring_elements 0.42578
published_at 2026-04-09T12:55:00Z
3
value 0.00204
scoring_system epss
scoring_elements 0.42517
published_at 2026-04-07T12:55:00Z
4
value 0.00204
scoring_system epss
scoring_elements 0.42512
published_at 2026-04-21T12:55:00Z
5
value 0.00204
scoring_system epss
scoring_elements 0.4258
published_at 2026-04-18T12:55:00Z
6
value 0.00204
scoring_system epss
scoring_elements 0.42595
published_at 2026-04-16T12:55:00Z
7
value 0.00204
scoring_system epss
scoring_elements 0.42535
published_at 2026-04-13T12:55:00Z
8
value 0.00204
scoring_system epss
scoring_elements 0.42564
published_at 2026-04-12T12:55:00Z
9
value 0.00204
scoring_system epss
scoring_elements 0.426
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27354
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27354
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27354
2
reference_url https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T15:59:46Z/
url https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b
3
reference_url https://github.com/advisories/GHSA-hg35-mp25-qf6h
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hg35-mp25-qf6h
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2024-27354.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2024-27354.yaml
5
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
6
reference_url https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Math/PrimeField.php#L49
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T15:59:46Z/
url https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Math/PrimeField.php#L49
7
reference_url https://github.com/phpseclib/phpseclib/commit/2870c8fab3f132d2ed40a66c97a36fe5ab625698
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/commit/2870c8fab3f132d2ed40a66c97a36fe5ab625698
8
reference_url https://github.com/phpseclib/phpseclib/commit/ad5dbdf2129f5e0fb644637770b7f33de8ca8575
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/commit/ad5dbdf2129f5e0fb644637770b7f33de8ca8575
9
reference_url https://github.com/phpseclib/phpseclib/commit/c55b75199ec8d12cec6eadf6da99da4a3712fe56
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/commit/c55b75199ec8d12cec6eadf6da99da4a3712fe56
10
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T15:59:46Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html
11
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T15:59:46Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27354
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27354
13
reference_url https://usn.ubuntu.com/7404-1/
reference_id USN-7404-1
reference_type
scores
url https://usn.ubuntu.com/7404-1/
fixed_packages
0
url pkg:composer/phpseclib/phpseclib@2.0.47
purl pkg:composer/phpseclib/phpseclib@2.0.47
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ku5e-5j7s-qyc9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@2.0.47
1
url pkg:composer/phpseclib/phpseclib@3.0.36
purl pkg:composer/phpseclib/phpseclib@3.0.36
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ku5e-5j7s-qyc9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@3.0.36
aliases CVE-2024-27354, GHSA-hg35-mp25-qf6h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6xjw-f9xu-fkg8
1
url VCID-8h2u-szq5-13ar
vulnerability_id VCID-8h2u-szq5-13ar
summary
Name confusion in x509 Subject Alternative Name fields
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-52892
reference_id
reference_type
scores
0
value 0.00183
scoring_system epss
scoring_elements 0.40068
published_at 2026-04-02T12:55:00Z
1
value 0.00183
scoring_system epss
scoring_elements 0.40094
published_at 2026-04-04T12:55:00Z
2
value 0.00188
scoring_system epss
scoring_elements 0.4069
published_at 2026-04-16T12:55:00Z
3
value 0.00188
scoring_system epss
scoring_elements 0.40645
published_at 2026-04-13T12:55:00Z
4
value 0.00188
scoring_system epss
scoring_elements 0.40664
published_at 2026-04-12T12:55:00Z
5
value 0.00188
scoring_system epss
scoring_elements 0.40699
published_at 2026-04-11T12:55:00Z
6
value 0.00188
scoring_system epss
scoring_elements 0.40672
published_at 2026-04-08T12:55:00Z
7
value 0.00188
scoring_system epss
scoring_elements 0.40622
published_at 2026-04-07T12:55:00Z
8
value 0.00188
scoring_system epss
scoring_elements 0.40681
published_at 2026-04-09T12:55:00Z
9
value 0.00188
scoring_system epss
scoring_elements 0.40659
published_at 2026-04-18T12:55:00Z
10
value 0.00225
scoring_system epss
scoring_elements 0.45206
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-52892
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52892
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52892
2
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
3
reference_url https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-21T19:54:11Z/
url https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627
4
reference_url https://github.com/phpseclib/phpseclib/issues/1943
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-21T19:54:11Z/
url https://github.com/phpseclib/phpseclib/issues/1943
5
reference_url https://github.com/phpseclib/phpseclib/releases/tag/3.0.33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-21T19:54:11Z/
url https://github.com/phpseclib/phpseclib/releases/tag/3.0.33
6
reference_url https://github.com/x509-name-testing/name_testing_artifacts
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-21T19:54:11Z/
url https://github.com/x509-name-testing/name_testing_artifacts
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-52892
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-52892
8
reference_url https://github.com/advisories/GHSA-ff7q-6vwh-v9m4
reference_id GHSA-ff7q-6vwh-v9m4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ff7q-6vwh-v9m4
9
reference_url https://usn.ubuntu.com/7404-1/
reference_id USN-7404-1
reference_type
scores
url https://usn.ubuntu.com/7404-1/
fixed_packages
0
url pkg:composer/phpseclib/phpseclib@2.0.46
purl pkg:composer/phpseclib/phpseclib@2.0.46
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6xjw-f9xu-fkg8
1
vulnerability VCID-ars3-xpyv-jbf1
2
vulnerability VCID-ku5e-5j7s-qyc9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@2.0.46
1
url pkg:composer/phpseclib/phpseclib@3.0.33
purl pkg:composer/phpseclib/phpseclib@3.0.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6xjw-f9xu-fkg8
1
vulnerability VCID-ars3-xpyv-jbf1
2
vulnerability VCID-ku5e-5j7s-qyc9
3
vulnerability VCID-zxph-sjym-kqhg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@3.0.33
aliases CVE-2023-52892, GHSA-ff7q-6vwh-v9m4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8h2u-szq5-13ar
2
url VCID-ars3-xpyv-jbf1
vulnerability_id VCID-ars3-xpyv-jbf1
summary
phpseclib does not properly limit the ASN1 OID length
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27355
reference_id
reference_type
scores
0
value 0.00204
scoring_system epss
scoring_elements 0.42564
published_at 2026-04-12T12:55:00Z
1
value 0.00204
scoring_system epss
scoring_elements 0.42512
published_at 2026-04-21T12:55:00Z
2
value 0.00204
scoring_system epss
scoring_elements 0.4258
published_at 2026-04-18T12:55:00Z
3
value 0.00204
scoring_system epss
scoring_elements 0.42595
published_at 2026-04-16T12:55:00Z
4
value 0.00204
scoring_system epss
scoring_elements 0.42535
published_at 2026-04-13T12:55:00Z
5
value 0.00204
scoring_system epss
scoring_elements 0.4255
published_at 2026-04-02T12:55:00Z
6
value 0.00204
scoring_system epss
scoring_elements 0.42578
published_at 2026-04-09T12:55:00Z
7
value 0.00204
scoring_system epss
scoring_elements 0.42517
published_at 2026-04-07T12:55:00Z
8
value 0.00204
scoring_system epss
scoring_elements 0.42569
published_at 2026-04-08T12:55:00Z
9
value 0.00204
scoring_system epss
scoring_elements 0.426
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27355
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27355
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27355
2
reference_url https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:10:07Z/
url https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b
3
reference_url https://github.com/advisories/GHSA-jr22-8qgm-4q87
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-jr22-8qgm-4q87
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2024-27355.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2024-27355.yaml
5
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
6
reference_url https://github.com/phpseclib/phpseclib/blob/978d081fe50ff92879c50ff143c62a143edb0117/phpseclib/File/ASN1.php#L1129
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:10:07Z/
url https://github.com/phpseclib/phpseclib/blob/978d081fe50ff92879c50ff143c62a143edb0117/phpseclib/File/ASN1.php#L1129
7
reference_url https://github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59
8
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:10:07Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html
9
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:10:07Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27355
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27355
11
reference_url https://usn.ubuntu.com/7404-1/
reference_id USN-7404-1
reference_type
scores
url https://usn.ubuntu.com/7404-1/
fixed_packages
0
url pkg:composer/phpseclib/phpseclib@2.0.47
purl pkg:composer/phpseclib/phpseclib@2.0.47
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ku5e-5j7s-qyc9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@2.0.47
1
url pkg:composer/phpseclib/phpseclib@3.0.36
purl pkg:composer/phpseclib/phpseclib@3.0.36
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ku5e-5j7s-qyc9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@3.0.36
aliases CVE-2024-27355, GHSA-jr22-8qgm-4q87
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ars3-xpyv-jbf1
3
url VCID-ku5e-5j7s-qyc9
vulnerability_id VCID-ku5e-5j7s-qyc9
summary
phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack
### Impact
Those using AES in CBC mode may be susceptible to a padding oracle timing attack.

### Patches
https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788

### Workarounds
Use AES in CTR, CFB or OFB modes
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32935
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02587
published_at 2026-04-16T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02604
published_at 2026-04-13T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02595
published_at 2026-04-18T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.02838
published_at 2026-04-07T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.0284
published_at 2026-04-08T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.02816
published_at 2026-04-02T12:55:00Z
6
value 0.00015
scoring_system epss
scoring_elements 0.0283
published_at 2026-04-11T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.02811
published_at 2026-04-12T12:55:00Z
8
value 0.00015
scoring_system epss
scoring_elements 0.02861
published_at 2026-04-09T12:55:00Z
9
value 0.0002
scoring_system epss
scoring_elements 0.05315
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32935
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32935
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32935
2
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
3
reference_url https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T16:31:59Z/
url https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788
4
reference_url https://github.com/phpseclib/phpseclib/security/advisories/GHSA-94g3-g5v7-q4jg
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T16:31:59Z/
url https://github.com/phpseclib/phpseclib/security/advisories/GHSA-94g3-g5v7-q4jg
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-32935
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-32935
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131482
reference_id 1131482
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131482
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131483
reference_id 1131483
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131483
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131484
reference_id 1131484
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131484
9
reference_url https://github.com/advisories/GHSA-94g3-g5v7-q4jg
reference_id GHSA-94g3-g5v7-q4jg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-94g3-g5v7-q4jg
fixed_packages
0
url pkg:composer/phpseclib/phpseclib@2.0.52
purl pkg:composer/phpseclib/phpseclib@2.0.52
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@2.0.52
1
url pkg:composer/phpseclib/phpseclib@3.0.50
purl pkg:composer/phpseclib/phpseclib@3.0.50
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@3.0.50
aliases CVE-2026-32935, GHSA-94g3-g5v7-q4jg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ku5e-5j7s-qyc9
4
url VCID-ndjx-6ned-93bd
vulnerability_id VCID-ndjx-6ned-93bd
summary
Improper Certificate Validation in phpseclib
phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-30130
reference_id
reference_type
scores
0
value 0.00595
scoring_system epss
scoring_elements 0.69353
published_at 2026-04-16T12:55:00Z
1
value 0.00595
scoring_system epss
scoring_elements 0.69343
published_at 2026-04-21T12:55:00Z
2
value 0.00595
scoring_system epss
scoring_elements 0.69363
published_at 2026-04-18T12:55:00Z
3
value 0.00595
scoring_system epss
scoring_elements 0.69257
published_at 2026-04-01T12:55:00Z
4
value 0.00595
scoring_system epss
scoring_elements 0.6927
published_at 2026-04-02T12:55:00Z
5
value 0.00595
scoring_system epss
scoring_elements 0.69288
published_at 2026-04-04T12:55:00Z
6
value 0.00595
scoring_system epss
scoring_elements 0.69269
published_at 2026-04-07T12:55:00Z
7
value 0.00595
scoring_system epss
scoring_elements 0.69318
published_at 2026-04-08T12:55:00Z
8
value 0.00595
scoring_system epss
scoring_elements 0.69336
published_at 2026-04-09T12:55:00Z
9
value 0.00595
scoring_system epss
scoring_elements 0.69358
published_at 2026-04-11T12:55:00Z
10
value 0.00595
scoring_system epss
scoring_elements 0.69342
published_at 2026-04-12T12:55:00Z
11
value 0.00595
scoring_system epss
scoring_elements 0.69314
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-30130
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30130
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30130
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2021-30130.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2021-30130.yaml
3
reference_url https://github.com/phpseclib/phpseclib/pull/1635
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/pull/1635
4
reference_url https://github.com/phpseclib/phpseclib/releases/tag/2.0.31
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/releases/tag/2.0.31
5
reference_url https://github.com/phpseclib/phpseclib/releases/tag/3.0.7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/releases/tag/3.0.7
6
reference_url https://lists.debian.org/debian-lts-announce/2022/11/msg00024.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/11/msg00024.html
7
reference_url https://lists.debian.org/debian-lts-announce/2022/11/msg00025.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/11/msg00025.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-30130
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-30130
9
reference_url https://github.com/advisories/GHSA-vf4w-fg7r-5v94
reference_id GHSA-vf4w-fg7r-5v94
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vf4w-fg7r-5v94
10
reference_url https://usn.ubuntu.com/7404-1/
reference_id USN-7404-1
reference_type
scores
url https://usn.ubuntu.com/7404-1/
fixed_packages
0
url pkg:composer/phpseclib/phpseclib@2.0.31
purl pkg:composer/phpseclib/phpseclib@2.0.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6xjw-f9xu-fkg8
1
vulnerability VCID-8h2u-szq5-13ar
2
vulnerability VCID-ars3-xpyv-jbf1
3
vulnerability VCID-ku5e-5j7s-qyc9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@2.0.31
1
url pkg:composer/phpseclib/phpseclib@3.0.7
purl pkg:composer/phpseclib/phpseclib@3.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6xjw-f9xu-fkg8
1
vulnerability VCID-8h2u-szq5-13ar
2
vulnerability VCID-ars3-xpyv-jbf1
3
vulnerability VCID-ku5e-5j7s-qyc9
4
vulnerability VCID-wnyn-2dp2-uuer
5
vulnerability VCID-zxph-sjym-kqhg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@3.0.7
aliases CVE-2021-30130, GHSA-vf4w-fg7r-5v94
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ndjx-6ned-93bd
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@2.0.28