Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/cryptography@46.0.3
Typepypi
Namespace
Namecryptography
Version46.0.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version46.0.7
Latest_non_vulnerable_version46.0.7
Affected_by_vulnerabilities
0
url VCID-jksg-v3x3-z3d3
vulnerability_id VCID-jksg-v3x3-z3d3
summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com. This issue has been patched in version 46.0.6.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34073.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34073.json
1
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
2
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34073
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34073
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2453276
reference_id 2453276
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2453276
5
reference_url https://access.redhat.com/errata/RHSA-2026:7295
reference_id RHSA-2026:7295
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7295
fixed_packages
0
url pkg:pypi/cryptography@46.0.6
purl pkg:pypi/cryptography@46.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-z9ad-ts2t-1bdj
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@46.0.6
aliases CVE-2026-34073, GHSA-m959-cc7f-wv43, PYSEC-2026-35
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jksg-v3x3-z3d3
1
url VCID-z9ad-ts2t-1bdj
vulnerability_id VCID-z9ad-ts2t-1bdj
summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39892.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39892.json
1
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
2
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-39892
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-39892
4
reference_url http://www.openwall.com/lists/oss-security/2026/04/08/12
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/08/12
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133076
reference_id 1133076
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133076
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2456735
reference_id 2456735
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2456735
7
reference_url https://access.redhat.com/errata/RHSA-2026:19375
reference_id RHSA-2026:19375
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19375
8
reference_url https://access.redhat.com/errata/RHSA-2026:20338
reference_id RHSA-2026:20338
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:20338
9
reference_url https://access.redhat.com/errata/RHSA-2026:21017
reference_id RHSA-2026:21017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21017
10
reference_url https://access.redhat.com/errata/RHSA-2026:22465
reference_id RHSA-2026:22465
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22465
11
reference_url https://access.redhat.com/errata/RHSA-2026:22629
reference_id RHSA-2026:22629
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22629
12
reference_url https://access.redhat.com/errata/RHSA-2026:22840
reference_id RHSA-2026:22840
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22840
13
reference_url https://access.redhat.com/errata/RHSA-2026:7295
reference_id RHSA-2026:7295
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7295
fixed_packages
0
url pkg:pypi/cryptography@46.0.7
purl pkg:pypi/cryptography@46.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@46.0.7
aliases CVE-2026-39892, GHSA-p423-j2cm-9vmq, PYSEC-2026-36
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z9ad-ts2t-1bdj
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@46.0.3