Lookup for vulnerable packages by Package URL.

Purl pkg:composer/phpseclib/phpseclib@3.0.18
Type composer
Namespace phpseclib
Name phpseclib
Version 3.0.18
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.0.50
Latest_non_vulnerable_version 3.0.51
Affected_by_vulnerabilities
0
url VCID-6xjw-f9xu-fkg8
vulnerability_id VCID-6xjw-f9xu-fkg8
summary
phpseclib a large prime can cause a denial of service
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27354
reference_id
reference_type
scores
0
value 0.00204
scoring_system epss
scoring_elements 0.42569
published_at 2026-04-08T12:55:00Z
1
value 0.00204
scoring_system epss
scoring_elements 0.4255
published_at 2026-04-02T12:55:00Z
2
value 0.00204
scoring_system epss
scoring_elements 0.42578
published_at 2026-04-09T12:55:00Z
3
value 0.00204
scoring_system epss
scoring_elements 0.42517
published_at 2026-04-07T12:55:00Z
4
value 0.00204
scoring_system epss
scoring_elements 0.42512
published_at 2026-04-21T12:55:00Z
5
value 0.00204
scoring_system epss
scoring_elements 0.4258
published_at 2026-04-18T12:55:00Z
6
value 0.00204
scoring_system epss
scoring_elements 0.42595
published_at 2026-04-16T12:55:00Z
7
value 0.00204
scoring_system epss
scoring_elements 0.42535
published_at 2026-04-13T12:55:00Z
8
value 0.00204
scoring_system epss
scoring_elements 0.42564
published_at 2026-04-12T12:55:00Z
9
value 0.00204
scoring_system epss
scoring_elements 0.426
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27354
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27354
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27354
2
reference_url https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T15:59:46Z/
url https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b
3
reference_url https://github.com/advisories/GHSA-hg35-mp25-qf6h
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hg35-mp25-qf6h
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2024-27354.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2024-27354.yaml
5
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
6
reference_url https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Math/PrimeField.php#L49
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T15:59:46Z/
url https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Math/PrimeField.php#L49
7
reference_url https://github.com/phpseclib/phpseclib/commit/2870c8fab3f132d2ed40a66c97a36fe5ab625698
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/commit/2870c8fab3f132d2ed40a66c97a36fe5ab625698
8
reference_url https://github.com/phpseclib/phpseclib/commit/ad5dbdf2129f5e0fb644637770b7f33de8ca8575
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/commit/ad5dbdf2129f5e0fb644637770b7f33de8ca8575
9
reference_url https://github.com/phpseclib/phpseclib/commit/c55b75199ec8d12cec6eadf6da99da4a3712fe56
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/commit/c55b75199ec8d12cec6eadf6da99da4a3712fe56
10
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T15:59:46Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html
11
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T15:59:46Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27354
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27354
13
reference_url https://usn.ubuntu.com/7404-1/
reference_id USN-7404-1
reference_type
scores
url https://usn.ubuntu.com/7404-1/
fixed_packages
0
url pkg:composer/phpseclib/phpseclib@3.0.36
purl pkg:composer/phpseclib/phpseclib@3.0.36
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ku5e-5j7s-qyc9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@3.0.36
aliases CVE-2024-27354, GHSA-hg35-mp25-qf6h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6xjw-f9xu-fkg8
1
url VCID-8h2u-szq5-13ar
vulnerability_id VCID-8h2u-szq5-13ar
summary
Name confusion in x509 Subject Alternative Name fields
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-52892
reference_id
reference_type
scores
0
value 0.00183
scoring_system epss
scoring_elements 0.40068
published_at 2026-04-02T12:55:00Z
1
value 0.00183
scoring_system epss
scoring_elements 0.40094
published_at 2026-04-04T12:55:00Z
2
value 0.00188
scoring_system epss
scoring_elements 0.4069
published_at 2026-04-16T12:55:00Z
3
value 0.00188
scoring_system epss
scoring_elements 0.40645
published_at 2026-04-13T12:55:00Z
4
value 0.00188
scoring_system epss
scoring_elements 0.40664
published_at 2026-04-12T12:55:00Z
5
value 0.00188
scoring_system epss
scoring_elements 0.40699
published_at 2026-04-11T12:55:00Z
6
value 0.00188
scoring_system epss
scoring_elements 0.40672
published_at 2026-04-08T12:55:00Z
7
value 0.00188
scoring_system epss
scoring_elements 0.40622
published_at 2026-04-07T12:55:00Z
8
value 0.00188
scoring_system epss
scoring_elements 0.40681
published_at 2026-04-09T12:55:00Z
9
value 0.00188
scoring_system epss
scoring_elements 0.40659
published_at 2026-04-18T12:55:00Z
10
value 0.00225
scoring_system epss
scoring_elements 0.45206
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-52892
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52892
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52892
2
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
3
reference_url https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-21T19:54:11Z/
url https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627
4
reference_url https://github.com/phpseclib/phpseclib/issues/1943
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-21T19:54:11Z/
url https://github.com/phpseclib/phpseclib/issues/1943
5
reference_url https://github.com/phpseclib/phpseclib/releases/tag/3.0.33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-21T19:54:11Z/
url https://github.com/phpseclib/phpseclib/releases/tag/3.0.33
6
reference_url https://github.com/x509-name-testing/name_testing_artifacts
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-21T19:54:11Z/
url https://github.com/x509-name-testing/name_testing_artifacts
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-52892
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-52892
8
reference_url https://github.com/advisories/GHSA-ff7q-6vwh-v9m4
reference_id GHSA-ff7q-6vwh-v9m4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ff7q-6vwh-v9m4
9
reference_url https://usn.ubuntu.com/7404-1/
reference_id USN-7404-1
reference_type
scores
url https://usn.ubuntu.com/7404-1/
fixed_packages
0
url pkg:composer/phpseclib/phpseclib@3.0.33
purl pkg:composer/phpseclib/phpseclib@3.0.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6xjw-f9xu-fkg8
1
vulnerability VCID-ars3-xpyv-jbf1
2
vulnerability VCID-ku5e-5j7s-qyc9
3
vulnerability VCID-zxph-sjym-kqhg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@3.0.33
aliases CVE-2023-52892, GHSA-ff7q-6vwh-v9m4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8h2u-szq5-13ar
2
url VCID-ars3-xpyv-jbf1
vulnerability_id VCID-ars3-xpyv-jbf1
summary
phpseclib does not properly limit the ASN1 OID length
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27355
reference_id
reference_type
scores
0
value 0.00204
scoring_system epss
scoring_elements 0.42564
published_at 2026-04-12T12:55:00Z
1
value 0.00204
scoring_system epss
scoring_elements 0.42512
published_at 2026-04-21T12:55:00Z
2
value 0.00204
scoring_system epss
scoring_elements 0.4258
published_at 2026-04-18T12:55:00Z
3
value 0.00204
scoring_system epss
scoring_elements 0.42595
published_at 2026-04-16T12:55:00Z
4
value 0.00204
scoring_system epss
scoring_elements 0.42535
published_at 2026-04-13T12:55:00Z
5
value 0.00204
scoring_system epss
scoring_elements 0.4255
published_at 2026-04-02T12:55:00Z
6
value 0.00204
scoring_system epss
scoring_elements 0.42578
published_at 2026-04-09T12:55:00Z
7
value 0.00204
scoring_system epss
scoring_elements 0.42517
published_at 2026-04-07T12:55:00Z
8
value 0.00204
scoring_system epss
scoring_elements 0.42569
published_at 2026-04-08T12:55:00Z
9
value 0.00204
scoring_system epss
scoring_elements 0.426
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27355
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27355
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27355
2
reference_url https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:10:07Z/
url https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b
3
reference_url https://github.com/advisories/GHSA-jr22-8qgm-4q87
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-jr22-8qgm-4q87
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2024-27355.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2024-27355.yaml
5
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
6
reference_url https://github.com/phpseclib/phpseclib/blob/978d081fe50ff92879c50ff143c62a143edb0117/phpseclib/File/ASN1.php#L1129
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:10:07Z/
url https://github.com/phpseclib/phpseclib/blob/978d081fe50ff92879c50ff143c62a143edb0117/phpseclib/File/ASN1.php#L1129
7
reference_url https://github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59
8
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:10:07Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html
9
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:10:07Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27355
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27355
11
reference_url https://usn.ubuntu.com/7404-1/
reference_id USN-7404-1
reference_type
scores
url https://usn.ubuntu.com/7404-1/
fixed_packages
0
url pkg:composer/phpseclib/phpseclib@3.0.36
purl pkg:composer/phpseclib/phpseclib@3.0.36
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ku5e-5j7s-qyc9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@3.0.36
aliases CVE-2024-27355, GHSA-jr22-8qgm-4q87
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ars3-xpyv-jbf1
3
url VCID-ku5e-5j7s-qyc9
vulnerability_id VCID-ku5e-5j7s-qyc9
summary
phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack
### Impact
Those using AES in CBC mode may be susceptible to a padding oracle timing attack.

### Patches
https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788

### Workarounds
Use AES in CTR, CFB or OFB modes
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32935
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02587
published_at 2026-04-16T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02604
published_at 2026-04-13T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02595
published_at 2026-04-18T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.02838
published_at 2026-04-07T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.0284
published_at 2026-04-08T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.02816
published_at 2026-04-02T12:55:00Z
6
value 0.00015
scoring_system epss
scoring_elements 0.0283
published_at 2026-04-11T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.02811
published_at 2026-04-12T12:55:00Z
8
value 0.00015
scoring_system epss
scoring_elements 0.02861
published_at 2026-04-09T12:55:00Z
9
value 0.0002
scoring_system epss
scoring_elements 0.05315
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32935
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32935
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32935
2
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
3
reference_url https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T16:31:59Z/
url https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788
4
reference_url https://github.com/phpseclib/phpseclib/security/advisories/GHSA-94g3-g5v7-q4jg
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T16:31:59Z/
url https://github.com/phpseclib/phpseclib/security/advisories/GHSA-94g3-g5v7-q4jg
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-32935
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-32935
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131482
reference_id 1131482
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131482
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131483
reference_id 1131483
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131483
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131484
reference_id 1131484
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131484
9
reference_url https://github.com/advisories/GHSA-94g3-g5v7-q4jg
reference_id GHSA-94g3-g5v7-q4jg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-94g3-g5v7-q4jg
fixed_packages
0
url pkg:composer/phpseclib/phpseclib@3.0.50
purl pkg:composer/phpseclib/phpseclib@3.0.50
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@3.0.50
aliases CVE-2026-32935, GHSA-94g3-g5v7-q4jg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ku5e-5j7s-qyc9
4
url VCID-wnyn-2dp2-uuer
vulnerability_id VCID-wnyn-2dp2-uuer
summary
phpseclib Infinite Loop vulnerability
Math/PrimeField.php in phpseclib has an infinite loop with composite primefields. This vulnerability was introduced in version 3.0.0, and has been patched in 3.0.19. The CVE for this issue originally identified the vulnerable version as 2.x, however, the vulnerable functionality was not introduced until version 3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27560
reference_id
reference_type
scores
0
value 0.00269
scoring_system epss
scoring_elements 0.50446
published_at 2026-04-21T12:55:00Z
1
value 0.00269
scoring_system epss
scoring_elements 0.50391
published_at 2026-04-02T12:55:00Z
2
value 0.00269
scoring_system epss
scoring_elements 0.5042
published_at 2026-04-04T12:55:00Z
3
value 0.00269
scoring_system epss
scoring_elements 0.50373
published_at 2026-04-07T12:55:00Z
4
value 0.00269
scoring_system epss
scoring_elements 0.50426
published_at 2026-04-08T12:55:00Z
5
value 0.00269
scoring_system epss
scoring_elements 0.50419
published_at 2026-04-09T12:55:00Z
6
value 0.00269
scoring_system epss
scoring_elements 0.5046
published_at 2026-04-11T12:55:00Z
7
value 0.00269
scoring_system epss
scoring_elements 0.50437
published_at 2026-04-12T12:55:00Z
8
value 0.00269
scoring_system epss
scoring_elements 0.50423
published_at 2026-04-13T12:55:00Z
9
value 0.00269
scoring_system epss
scoring_elements 0.50465
published_at 2026-04-16T12:55:00Z
10
value 0.00269
scoring_system epss
scoring_elements 0.5047
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27560
1
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
2
reference_url https://github.com/phpseclib/phpseclib/commit/6298d1cd55c3ffa44533bd41906caec246b60440
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:16:55Z/
url https://github.com/phpseclib/phpseclib/commit/6298d1cd55c3ffa44533bd41906caec246b60440
3
reference_url https://github.com/phpseclib/phpseclib/commit/6298d1cd55c3ffa44533bd41906caec246b60440#commitcomment-103226722
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/commit/6298d1cd55c3ffa44533bd41906caec246b60440#commitcomment-103226722
4
reference_url https://github.com/phpseclib/phpseclib/releases/tag/3.0.19
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:16:55Z/
url https://github.com/phpseclib/phpseclib/releases/tag/3.0.19
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032371
reference_id 1032371
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032371
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27560
reference_id CVE-2023-27560
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27560
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2023-27560.yaml
reference_id CVE-2023-27560.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2023-27560.yaml
8
reference_url https://github.com/advisories/GHSA-hm7p-r324-hhf3
reference_id GHSA-hm7p-r324-hhf3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hm7p-r324-hhf3
fixed_packages
0
url pkg:composer/phpseclib/phpseclib@3.0.19
purl pkg:composer/phpseclib/phpseclib@3.0.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6xjw-f9xu-fkg8
1
vulnerability VCID-8h2u-szq5-13ar
2
vulnerability VCID-ars3-xpyv-jbf1
3
vulnerability VCID-ku5e-5j7s-qyc9
4
vulnerability VCID-zxph-sjym-kqhg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@3.0.19
aliases CVE-2023-27560, GHSA-hm7p-r324-hhf3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wnyn-2dp2-uuer
5
url VCID-zxph-sjym-kqhg
vulnerability_id VCID-zxph-sjym-kqhg
summary
phpseclib vulnerable to denial of service
In Math/BinaryField.php in phpseclib before 3.0.34, excessively large degrees can lead to a denial of service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49316
reference_id
reference_type
scores
0
value 0.00149
scoring_system epss
scoring_elements 0.35521
published_at 2026-04-04T12:55:00Z
1
value 0.00149
scoring_system epss
scoring_elements 0.35394
published_at 2026-04-21T12:55:00Z
2
value 0.00149
scoring_system epss
scoring_elements 0.35446
published_at 2026-04-18T12:55:00Z
3
value 0.00149
scoring_system epss
scoring_elements 0.35458
published_at 2026-04-16T12:55:00Z
4
value 0.00149
scoring_system epss
scoring_elements 0.35418
published_at 2026-04-13T12:55:00Z
5
value 0.00149
scoring_system epss
scoring_elements 0.35442
published_at 2026-04-12T12:55:00Z
6
value 0.00149
scoring_system epss
scoring_elements 0.35485
published_at 2026-04-11T12:55:00Z
7
value 0.00149
scoring_system epss
scoring_elements 0.35475
published_at 2026-04-09T12:55:00Z
8
value 0.00149
scoring_system epss
scoring_elements 0.35496
published_at 2026-04-02T12:55:00Z
9
value 0.00149
scoring_system epss
scoring_elements 0.3545
published_at 2026-04-08T12:55:00Z
10
value 0.00149
scoring_system epss
scoring_elements 0.35404
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49316
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2023-49316.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2023-49316.yaml
2
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
3
reference_url https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f
4
reference_url https://github.com/phpseclib/phpseclib/releases/tag/3.0.34
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/releases/tag/3.0.34
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057008
reference_id 1057008
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057008
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49316
reference_id CVE-2023-49316
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49316
7
reference_url https://github.com/advisories/GHSA-jpr7-q523-hx25
reference_id GHSA-jpr7-q523-hx25
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-jpr7-q523-hx25
fixed_packages
0
url pkg:composer/phpseclib/phpseclib@3.0.34
purl pkg:composer/phpseclib/phpseclib@3.0.34
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6xjw-f9xu-fkg8
1
vulnerability VCID-ars3-xpyv-jbf1
2
vulnerability VCID-ku5e-5j7s-qyc9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@3.0.34
aliases CVE-2023-49316, GHSA-jpr7-q523-hx25
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zxph-sjym-kqhg
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpseclib/phpseclib@3.0.18