Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/cryptography@39.0.2

Type pypi

Namespace

Name cryptography

Version 39.0.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 46.0.7

Latest_non_vulnerable_version 46.0.7

Affected_by_vulnerabilities

url VCID-dzvc-j4et-ukgu

vulnerability_id VCID-dzvc-j4et-ukgu

summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26130.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26130.json

reference_url

https://github.com/pyca/cryptography

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography

reference_url

https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55

reference_url

https://github.com/pyca/cryptography/pull/10423

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/pull/10423

reference_url

https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2024-225.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2024-225.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064778
reference_id	1064778
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064778

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2269617
reference_id	2269617
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2269617

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-26130

reference_id

CVE-2024-26130

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-26130

reference_url	https://github.com/advisories/GHSA-6vqw-3v5j-54x4
reference_id	GHSA-6vqw-3v5j-54x4
reference_type
scores
url	https://github.com/advisories/GHSA-6vqw-3v5j-54x4

reference_url	https://security.gentoo.org/glsa/202407-06
reference_id	GLSA-202407-06
reference_type
scores
url	https://security.gentoo.org/glsa/202407-06

reference_url	https://access.redhat.com/errata/RHSA-2024:3781
reference_id	RHSA-2024:3781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3781

reference_url	https://access.redhat.com/errata/RHSA-2024:7987
reference_id	RHSA-2024:7987
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7987

reference_url	https://access.redhat.com/errata/RHSA-2025:1335
reference_id	RHSA-2025:1335
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1335

reference_url	https://access.redhat.com/errata/RHSA-2025:15608
reference_id	RHSA-2025:15608
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15608

fixed_packages

url pkg:pypi/cryptography@42.0.4

purl pkg:pypi/cryptography@42.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jksg-v3x3-z3d3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.4

aliases CVE-2024-26130, GHSA-6vqw-3v5j-54x4, PYSEC-2024-225

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dzvc-j4et-ukgu

url VCID-jksg-v3x3-z3d3

vulnerability_id VCID-jksg-v3x3-z3d3

summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com. This issue has been patched in version 46.0.6.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34073.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34073.json

reference_url

https://github.com/pyca/cryptography

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	1.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography

reference_url

https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	1.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-34073

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	1.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-34073

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2453276
reference_id	2453276
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2453276

reference_url	https://access.redhat.com/errata/RHSA-2026:7295
reference_id	RHSA-2026:7295
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7295

fixed_packages

url pkg:pypi/cryptography@46.0.6

purl pkg:pypi/cryptography@46.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-z9ad-ts2t-1bdj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@46.0.6

aliases CVE-2026-34073, GHSA-m959-cc7f-wv43, PYSEC-2026-35

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jksg-v3x3-z3d3

url VCID-n7hx-bfnn-5kgc

vulnerability_id VCID-n7hx-bfnn-5kgc

summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49083.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49083.json

reference_url

https://github.com/pyca/cryptography

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography

reference_url

https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a

reference_url

https://github.com/pyca/cryptography/pull/9926

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/pull/9926

reference_url

https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-254.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-254.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2024/10/msg00012.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/10/msg00012.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV/

reference_url

http://www.openwall.com/lists/oss-security/2023/11/29/2

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2023/11/29/2

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057108
reference_id	1057108
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057108

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2255331
reference_id	2255331
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2255331

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-49083

reference_id

CVE-2023-49083

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-49083

reference_url	https://github.com/advisories/GHSA-jfhm-5ghh-2f97
reference_id	GHSA-jfhm-5ghh-2f97
reference_type
scores
url	https://github.com/advisories/GHSA-jfhm-5ghh-2f97

reference_url	https://security.gentoo.org/glsa/202407-06
reference_id	GLSA-202407-06
reference_type
scores
url	https://security.gentoo.org/glsa/202407-06

reference_url	https://access.redhat.com/errata/RHSA-2024:10965
reference_id	RHSA-2024:10965
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10965

reference_url	https://access.redhat.com/errata/RHSA-2024:1878
reference_id	RHSA-2024:1878
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1878

reference_url	https://access.redhat.com/errata/RHSA-2024:2337
reference_id	RHSA-2024:2337
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2337

reference_url	https://access.redhat.com/errata/RHSA-2024:3105
reference_id	RHSA-2024:3105
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3105

reference_url	https://access.redhat.com/errata/RHSA-2024:3781
reference_id	RHSA-2024:3781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3781

reference_url	https://access.redhat.com/errata/RHSA-2025:13098
reference_id	RHSA-2025:13098
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13098

reference_url	https://access.redhat.com/errata/RHSA-2025:13100
reference_id	RHSA-2025:13100
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13100

reference_url	https://access.redhat.com/errata/RHSA-2025:13101
reference_id	RHSA-2025:13101
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13101

reference_url	https://access.redhat.com/errata/RHSA-2025:13102
reference_id	RHSA-2025:13102
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13102

reference_url	https://access.redhat.com/errata/RHSA-2025:13103
reference_id	RHSA-2025:13103
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13103

reference_url	https://access.redhat.com/errata/RHSA-2025:13104
reference_id	RHSA-2025:13104
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13104

reference_url	https://access.redhat.com/errata/RHSA-2025:14553
reference_id	RHSA-2025:14553
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14553

reference_url	https://access.redhat.com/errata/RHSA-2025:15874
reference_id	RHSA-2025:15874
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15874

fixed_packages

url pkg:pypi/cryptography@41.0.6

purl pkg:pypi/cryptography@41.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dzvc-j4et-ukgu

vulnerability	VCID-jksg-v3x3-z3d3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.6

aliases CVE-2023-49083, GHSA-jfhm-5ghh-2f97, PYSEC-2023-254

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n7hx-bfnn-5kgc

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@39.0.2

Package Instance