Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/cryptography@46.0.2
Type pypi
Namespace
Name cryptography
Version 46.0.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 46.0.7
Latest_non_vulnerable_version 46.0.7
Affected_by_vulnerabilities
0
url VCID-jksg-v3x3-z3d3
vulnerability_id VCID-jksg-v3x3-z3d3
summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com. This issue has been patched in version 46.0.6.
references
0
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43
fixed_packages
0
url pkg:pypi/cryptography@46.0.6
purl pkg:pypi/cryptography@46.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-z9ad-ts2t-1bdj
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@46.0.6
aliases CVE-2026-34073, GHSA-m959-cc7f-wv43, PYSEC-2026-35
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jksg-v3x3-z3d3
1
url VCID-z9ad-ts2t-1bdj
vulnerability_id VCID-z9ad-ts2t-1bdj
summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.
references
0
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq
1
reference_url http://www.openwall.com/lists/oss-security/2026/04/08/12
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url http://www.openwall.com/lists/oss-security/2026/04/08/12
fixed_packages
0
url pkg:pypi/cryptography@46.0.7
purl pkg:pypi/cryptography@46.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@46.0.7
aliases CVE-2026-39892, GHSA-p423-j2cm-9vmq, PYSEC-2026-36
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z9ad-ts2t-1bdj
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@46.0.2