Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/cryptography@0.2.1
Typepypi
Namespace
Namecryptography
Version0.2.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version46.0.5
Latest_non_vulnerable_version46.0.7
Affected_by_vulnerabilities
0
url VCID-f44c-ygbw-bufn
vulnerability_id VCID-f44c-ygbw-bufn
summary 
cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
## Vulnerability Summary

The `public_key_from_numbers` (or `EllipticCurvePublicNumbers.public_key()`), `EllipticCurvePublicNumbers.public_key()`, `load_der_public_key()` and `load_pem_public_key()` functions do not verify that the point belongs to the expected prime-order subgroup of the curve.

This missing validation allows an attacker to provide a public key point `P` from a small-order subgroup.  This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as `S = [victim_private_key]P` via ECDH,  this leaks information about `victim_private_key mod (small_subgroup_order)`. For curves with cofactor > 1, this reveals the least significant bits of the private key.  When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup.

Only SECT curves are impacted by this.

## Credit

This vulnerability was discovered by:
- XlabAI Team of Tencent Xuanwu Lab
- Atuin Automated Vulnerability Discovery Engine
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26007.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26007.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26007
reference_id
reference_type
scores
0
value 8e-05
scoring_system epss
scoring_elements 0.00684
published_at 2026-04-16T12:55:00Z
1
value 8e-05
scoring_system epss
scoring_elements 0.00691
published_at 2026-04-13T12:55:00Z
2
value 8e-05
scoring_system epss
scoring_elements 0.00697
published_at 2026-04-11T12:55:00Z
3
value 8e-05
scoring_system epss
scoring_elements 0.00707
published_at 2026-04-08T12:55:00Z
4
value 8e-05
scoring_system epss
scoring_elements 0.00708
published_at 2026-04-07T12:55:00Z
5
value 9e-05
scoring_system epss
scoring_elements 0.00944
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26007
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26007
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26007
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
5
reference_url https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:28:38Z/
url https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c
6
reference_url https://github.com/pyca/cryptography/releases/tag/46.0.5
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/releases/tag/46.0.5
7
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:28:38Z/
url https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-26007
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-26007
9
reference_url http://www.openwall.com/lists/oss-security/2026/02/10/4
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/02/10/4
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127926
reference_id 1127926
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127926
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2438762
reference_id 2438762
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2438762
12
reference_url https://github.com/advisories/GHSA-r6ph-v2qm-q3c2
reference_id GHSA-r6ph-v2qm-q3c2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r6ph-v2qm-q3c2
13
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
14
reference_url https://access.redhat.com/errata/RHSA-2026:5168
reference_id RHSA-2026:5168
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5168
15
reference_url https://access.redhat.com/errata/RHSA-2026:5665
reference_id RHSA-2026:5665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5665
16
reference_url https://access.redhat.com/errata/RHSA-2026:6308
reference_id RHSA-2026:6308
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6308
17
reference_url https://access.redhat.com/errata/RHSA-2026:6309
reference_id RHSA-2026:6309
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6309
18
reference_url https://access.redhat.com/errata/RHSA-2026:6404
reference_id RHSA-2026:6404
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6404
19
reference_url https://access.redhat.com/errata/RHSA-2026:6497
reference_id RHSA-2026:6497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6497
20
reference_url https://access.redhat.com/errata/RHSA-2026:6567
reference_id RHSA-2026:6567
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6567
21
reference_url https://access.redhat.com/errata/RHSA-2026:6568
reference_id RHSA-2026:6568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6568
22
reference_url https://usn.ubuntu.com/8087-1/
reference_id USN-8087-1
reference_type
scores
url https://usn.ubuntu.com/8087-1/
fixed_packages
0
url pkg:pypi/cryptography@46.0.5
purl pkg:pypi/cryptography@46.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@46.0.5
aliases CVE-2026-26007, GHSA-r6ph-v2qm-q3c2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f44c-ygbw-bufn
1
url VCID-hpev-apm4-sqfw
vulnerability_id VCID-hpev-apm4-sqfw
summary 
Null pointer dereference in PKCS12 parsing
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL
to crash leading to a potential Denial of Service attack

Impact summary: Applications loading files in the PKCS12 format from untrusted
sources might terminate abruptly.

A file in PKCS12 format can contain certificates and keys and may come from an
untrusted source. The PKCS12 specification allows certain fields to be NULL, but
OpenSSL does not correctly check for this case. This can lead to a NULL pointer
dereference that results in OpenSSL crashing. If an application processes PKCS12
files from an untrusted source using the OpenSSL APIs then that application will
be vulnerable to this issue.

OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),
PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()
and PKCS12_newpass().

We have also fixed a similar issue in SMIME_write_PKCS7(). However since this
function is related to writing data we do not consider it security significant.

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0727.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0727.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-0727
reference_id
reference_type
scores
0
value 0.00236
scoring_system epss
scoring_elements 0.46593
published_at 2026-04-16T12:55:00Z
1
value 0.00236
scoring_system epss
scoring_elements 0.46556
published_at 2026-04-11T12:55:00Z
2
value 0.00236
scoring_system epss
scoring_elements 0.46528
published_at 2026-04-12T12:55:00Z
3
value 0.00236
scoring_system epss
scoring_elements 0.46509
published_at 2026-04-02T12:55:00Z
4
value 0.00236
scoring_system epss
scoring_elements 0.46537
published_at 2026-04-13T12:55:00Z
5
value 0.00236
scoring_system epss
scoring_elements 0.46529
published_at 2026-04-04T12:55:00Z
6
value 0.00236
scoring_system epss
scoring_elements 0.46477
published_at 2026-04-07T12:55:00Z
7
value 0.00236
scoring_system epss
scoring_elements 0.46533
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-0727
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2
5
reference_url https://github.com/github/advisory-database/pull/3472
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/3472
6
reference_url https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/
url https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2
7
reference_url https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/
url https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a
8
reference_url https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/
url https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c
9
reference_url https://github.com/openssl/openssl/pull/23362
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openssl/openssl/pull/23362
10
reference_url https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d
11
reference_url https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/
url https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8
12
reference_url https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/
url https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539
13
reference_url https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html
14
reference_url https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-0727
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-0727
16
reference_url https://security.netapp.com/advisory/ntap-20240208-0006
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240208-0006
17
reference_url https://www.openssl.org/news/secadv/20240125.txt
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/
url https://www.openssl.org/news/secadv/20240125.txt
18
reference_url http://www.openwall.com/lists/oss-security/2024/03/11/1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/03/11/1
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061582
reference_id 1061582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061582
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2259944
reference_id 2259944
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2259944
21
reference_url https://github.com/advisories/GHSA-9v9h-cgj8-h64p
reference_id GHSA-9v9h-cgj8-h64p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9v9h-cgj8-h64p
22
reference_url https://access.redhat.com/errata/RHSA-2024:2447
reference_id RHSA-2024:2447
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2447
23
reference_url https://access.redhat.com/errata/RHSA-2024:9088
reference_id RHSA-2024:9088
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9088
24
reference_url https://usn.ubuntu.com/6622-1/
reference_id USN-6622-1
reference_type
scores
url https://usn.ubuntu.com/6622-1/
25
reference_url https://usn.ubuntu.com/6632-1/
reference_id USN-6632-1
reference_type
scores
url https://usn.ubuntu.com/6632-1/
26
reference_url https://usn.ubuntu.com/6709-1/
reference_id USN-6709-1
reference_type
scores
url https://usn.ubuntu.com/6709-1/
27
reference_url https://usn.ubuntu.com/7018-1/
reference_id USN-7018-1
reference_type
scores
url https://usn.ubuntu.com/7018-1/
28
reference_url https://usn.ubuntu.com/7894-1/
reference_id USN-7894-1
reference_type
scores
url https://usn.ubuntu.com/7894-1/
fixed_packages
0
url pkg:pypi/cryptography@42.0.2
purl pkg:pypi/cryptography@42.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f44c-ygbw-bufn
1
vulnerability VCID-g772-pn9e-7ufv
2
vulnerability VCID-gqj1-zam7-c3bv
3
vulnerability VCID-p5vx-kq3j-b3ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.2
aliases CVE-2024-0727, GHSA-9v9h-cgj8-h64p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hpev-apm4-sqfw
2
url VCID-vmx8-tjg2-uuec
vulnerability_id VCID-vmx8-tjg2-uuec
summary python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25659.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25659.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25659
reference_id
reference_type
scores
0
value 0.00252
scoring_system epss
scoring_elements 0.48636
published_at 2026-04-16T12:55:00Z
1
value 0.00252
scoring_system epss
scoring_elements 0.48585
published_at 2026-04-13T12:55:00Z
2
value 0.00252
scoring_system epss
scoring_elements 0.48573
published_at 2026-04-12T12:55:00Z
3
value 0.00252
scoring_system epss
scoring_elements 0.486
published_at 2026-04-11T12:55:00Z
4
value 0.00252
scoring_system epss
scoring_elements 0.48578
published_at 2026-04-09T12:55:00Z
5
value 0.00252
scoring_system epss
scoring_elements 0.48582
published_at 2026-04-08T12:55:00Z
6
value 0.00252
scoring_system epss
scoring_elements 0.48528
published_at 2026-04-07T12:55:00Z
7
value 0.00252
scoring_system epss
scoring_elements 0.48517
published_at 2026-04-01T12:55:00Z
8
value 0.00252
scoring_system epss
scoring_elements 0.48577
published_at 2026-04-04T12:55:00Z
9
value 0.00252
scoring_system epss
scoring_elements 0.48553
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25659
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25659
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25659
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-hggm-jpg3-v476
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hggm-jpg3-v476
5
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
6
reference_url https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494
7
reference_url https://github.com/pyca/cryptography/pull/5507
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/pull/5507
8
reference_url https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b
reference_id
reference_type
scores
url https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b
9
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-hggm-jpg3-v476
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/security/advisories/GHSA-hggm-jpg3-v476
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2021-62.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2021-62.yaml
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25659
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25659
12
reference_url https://pypi.org/project/cryptography
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/cryptography
13
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
14
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1889988
reference_id 1889988
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1889988
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973247
reference_id 973247
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973247
17
reference_url https://access.redhat.com/errata/RHSA-2021:1608
reference_id RHSA-2021:1608
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1608
18
reference_url https://access.redhat.com/errata/RHSA-2021:2239
reference_id RHSA-2021:2239
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2239
19
reference_url https://usn.ubuntu.com/4613-1/
reference_id USN-4613-1
reference_type
scores
url https://usn.ubuntu.com/4613-1/
fixed_packages
0
url pkg:pypi/cryptography@3.2
purl pkg:pypi/cryptography@3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48jq-1u5d-tkan
1
vulnerability VCID-4j5v-k162-tfgd
2
vulnerability VCID-bjpd-6kh8-1bbs
3
vulnerability VCID-f44c-ygbw-bufn
4
vulnerability VCID-hpev-apm4-sqfw
5
vulnerability VCID-npaa-km8e-f3gs
6
vulnerability VCID-r78e-t88x-a3ed
7
vulnerability VCID-u4f5-k68d-wfd1
8
vulnerability VCID-vmx8-tjg2-uuec
9
vulnerability VCID-x2wm-3tk7-wbbv
10
vulnerability VCID-x7vf-dyab-qbhq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@3.2
1
url pkg:pypi/cryptography@3.2.1
purl pkg:pypi/cryptography@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-48jq-1u5d-tkan
1
vulnerability VCID-4j5v-k162-tfgd
2
vulnerability VCID-bjpd-6kh8-1bbs
3
vulnerability VCID-f44c-ygbw-bufn
4
vulnerability VCID-hpev-apm4-sqfw
5
vulnerability VCID-npaa-km8e-f3gs
6
vulnerability VCID-r78e-t88x-a3ed
7
vulnerability VCID-u4f5-k68d-wfd1
8
vulnerability VCID-x2wm-3tk7-wbbv
9
vulnerability VCID-x7vf-dyab-qbhq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@3.2.1
aliases CVE-2020-25659, GHSA-hggm-jpg3-v476, PYSEC-2021-62
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vmx8-tjg2-uuec
3
url VCID-x7vf-dyab-qbhq
vulnerability_id VCID-x7vf-dyab-qbhq
summary 
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50782.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50782.json
1
reference_url https://access.redhat.com/security/cve/CVE-2023-50782
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-15T16:14:33Z/
url https://access.redhat.com/security/cve/CVE-2023-50782
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-50782
reference_id
reference_type
scores
0
value 0.00855
scoring_system epss
scoring_elements 0.74942
published_at 2026-04-08T12:55:00Z
1
value 0.00855
scoring_system epss
scoring_elements 0.74983
published_at 2026-04-16T12:55:00Z
2
value 0.00855
scoring_system epss
scoring_elements 0.74946
published_at 2026-04-13T12:55:00Z
3
value 0.00855
scoring_system epss
scoring_elements 0.74956
published_at 2026-04-12T12:55:00Z
4
value 0.00855
scoring_system epss
scoring_elements 0.74977
published_at 2026-04-11T12:55:00Z
5
value 0.00855
scoring_system epss
scoring_elements 0.74954
published_at 2026-04-09T12:55:00Z
6
value 0.00855
scoring_system epss
scoring_elements 0.74907
published_at 2026-04-02T12:55:00Z
7
value 0.00855
scoring_system epss
scoring_elements 0.74935
published_at 2026-04-04T12:55:00Z
8
value 0.00855
scoring_system epss
scoring_elements 0.74909
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-50782
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2254432
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-15T16:14:33Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2254432
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50782
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50782
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
7
reference_url https://github.com/pyca/cryptography/issues/9785
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/issues/9785
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50782
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-50782
9
reference_url https://www.couchbase.com/alerts
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.couchbase.com/alerts
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059308
reference_id 1059308
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059308
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2
reference_id cpe:/a:redhat:ansible_automation_platform:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhui:4::el8
reference_id cpe:/a:redhat:rhui:4::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhui:4::el8
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
reference_id cpe:/a:redhat:satellite:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
17
reference_url https://github.com/advisories/GHSA-3ww4-gg4f-jr7f
reference_id GHSA-3ww4-gg4f-jr7f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3ww4-gg4f-jr7f
18
reference_url https://usn.ubuntu.com/6673-1/
reference_id USN-6673-1
reference_type
scores
url https://usn.ubuntu.com/6673-1/
19
reference_url https://usn.ubuntu.com/6673-2/
reference_id USN-6673-2
reference_type
scores
url https://usn.ubuntu.com/6673-2/
fixed_packages
0
url pkg:pypi/cryptography@42.0.0
purl pkg:pypi/cryptography@42.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f44c-ygbw-bufn
1
vulnerability VCID-g772-pn9e-7ufv
2
vulnerability VCID-gqj1-zam7-c3bv
3
vulnerability VCID-hpev-apm4-sqfw
4
vulnerability VCID-p5vx-kq3j-b3ds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.0
aliases CVE-2023-50782, GHSA-3ww4-gg4f-jr7f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x7vf-dyab-qbhq
4
url VCID-zvkn-n581-xqf3
vulnerability_id VCID-zvkn-n581-xqf3
summary HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9243.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9243.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-9243
reference_id
reference_type
scores
0
value 0.0165
scoring_system epss
scoring_elements 0.82044
published_at 2026-04-16T12:55:00Z
1
value 0.0165
scoring_system epss
scoring_elements 0.82008
published_at 2026-04-13T12:55:00Z
2
value 0.0165
scoring_system epss
scoring_elements 0.82014
published_at 2026-04-12T12:55:00Z
3
value 0.0165
scoring_system epss
scoring_elements 0.82025
published_at 2026-04-11T12:55:00Z
4
value 0.0165
scoring_system epss
scoring_elements 0.82006
published_at 2026-04-09T12:55:00Z
5
value 0.0165
scoring_system epss
scoring_elements 0.81998
published_at 2026-04-08T12:55:00Z
6
value 0.0165
scoring_system epss
scoring_elements 0.81971
published_at 2026-04-07T12:55:00Z
7
value 0.0165
scoring_system epss
scoring_elements 0.81975
published_at 2026-04-04T12:55:00Z
8
value 0.0165
scoring_system epss
scoring_elements 0.8194
published_at 2026-04-01T12:55:00Z
9
value 0.0165
scoring_system epss
scoring_elements 0.81951
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-9243
2
reference_url https://cryptography.io/en/latest/changelog
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://cryptography.io/en/latest/changelog
3
reference_url https://cryptography.io/en/latest/changelog/#v1-5-3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://cryptography.io/en/latest/changelog/#v1-5-3
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9243
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9243
5
reference_url https://github.com/advisories/GHSA-q3cj-2r34-2cwc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-q3cj-2r34-2cwc
6
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
7
reference_url https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874
8
reference_url https://github.com/pyca/cryptography/issues/3211
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/issues/3211
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2017-8.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2017-8.yaml
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ/
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT/
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-9243
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-9243
23
reference_url http://www.openwall.com/lists/oss-security/2016/11/09/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/11/09/2
24
reference_url http://www.securityfocus.com/bid/94216
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/94216
25
reference_url http://www.ubuntu.com/usn/USN-3138-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-3138-1
26
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1393431
reference_id 1393431
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1393431
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*
reference_id cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*
33
reference_url https://usn.ubuntu.com/3138-1/
reference_id USN-3138-1
reference_type
scores
url https://usn.ubuntu.com/3138-1/
fixed_packages
0
url pkg:pypi/cryptography@1.5.3
purl pkg:pypi/cryptography@1.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4j5v-k162-tfgd
1
vulnerability VCID-f44c-ygbw-bufn
2
vulnerability VCID-hpev-apm4-sqfw
3
vulnerability VCID-npaa-km8e-f3gs
4
vulnerability VCID-vmx8-tjg2-uuec
5
vulnerability VCID-x2wm-3tk7-wbbv
6
vulnerability VCID-x7vf-dyab-qbhq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@1.5.3
aliases CVE-2016-9243, GHSA-q3cj-2r34-2cwc, PYSEC-2017-8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zvkn-n581-xqf3
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@0.2.1