Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/13658?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13658?format=api", "vulnerability_id": "VCID-p5vx-kq3j-b3ds", "summary": "pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels\npyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 37.0.0-43.0.0 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20240903.txt.\n\nIf you are building cryptography source (\"sdist\") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.", "aliases": [ { "alias": "GHSA-h4gh-qq45-vh27" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48577?format=api", "purl": "pkg:pypi/cryptography@43.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-gqj1-zam7-c3bv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@43.0.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31994?format=api", "purl": "pkg:pypi/cryptography@37.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-4j5v-k162-tfgd" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-fy6y-f41e-8qex" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-u4f5-k68d-wfd1" }, { "vulnerability": "VCID-x2wm-3tk7-wbbv" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@37.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/31996?format=api", "purl": "pkg:pypi/cryptography@37.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-4j5v-k162-tfgd" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-fy6y-f41e-8qex" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-u4f5-k68d-wfd1" }, { "vulnerability": "VCID-x2wm-3tk7-wbbv" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@37.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31997?format=api", "purl": "pkg:pypi/cryptography@37.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-4j5v-k162-tfgd" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-fy6y-f41e-8qex" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-u4f5-k68d-wfd1" }, { "vulnerability": "VCID-x2wm-3tk7-wbbv" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@37.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/31998?format=api", "purl": "pkg:pypi/cryptography@37.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-4j5v-k162-tfgd" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-fy6y-f41e-8qex" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-u4f5-k68d-wfd1" }, { "vulnerability": "VCID-x2wm-3tk7-wbbv" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@37.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/31999?format=api", "purl": "pkg:pypi/cryptography@37.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-4j5v-k162-tfgd" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-fy6y-f41e-8qex" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-u4f5-k68d-wfd1" }, { "vulnerability": "VCID-x2wm-3tk7-wbbv" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@37.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/32000?format=api", "purl": "pkg:pypi/cryptography@38.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-4j5v-k162-tfgd" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-fy6y-f41e-8qex" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-u4f5-k68d-wfd1" }, { "vulnerability": "VCID-x2wm-3tk7-wbbv" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@38.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/32001?format=api", "purl": "pkg:pypi/cryptography@38.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-4j5v-k162-tfgd" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-fy6y-f41e-8qex" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-u4f5-k68d-wfd1" }, { "vulnerability": "VCID-x2wm-3tk7-wbbv" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@38.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/32002?format=api", "purl": "pkg:pypi/cryptography@38.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-4j5v-k162-tfgd" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-fy6y-f41e-8qex" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-u4f5-k68d-wfd1" }, { "vulnerability": "VCID-x2wm-3tk7-wbbv" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@38.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/32003?format=api", "purl": "pkg:pypi/cryptography@38.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-4j5v-k162-tfgd" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-u4f5-k68d-wfd1" }, { "vulnerability": "VCID-x2wm-3tk7-wbbv" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@38.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/32005?format=api", "purl": "pkg:pypi/cryptography@38.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-4j5v-k162-tfgd" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-u4f5-k68d-wfd1" }, { "vulnerability": "VCID-x2wm-3tk7-wbbv" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@38.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/32006?format=api", "purl": "pkg:pypi/cryptography@39.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-4j5v-k162-tfgd" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-u4f5-k68d-wfd1" }, { "vulnerability": "VCID-x2wm-3tk7-wbbv" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@39.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/32007?format=api", "purl": "pkg:pypi/cryptography@39.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-4j5v-k162-tfgd" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@39.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/41527?format=api", "purl": "pkg:pypi/cryptography@39.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-4j5v-k162-tfgd" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@39.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/36498?format=api", "purl": "pkg:pypi/cryptography@40.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-4j5v-k162-tfgd" }, { "vulnerability": "VCID-av98-fhpr-tkhh" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@40.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/36499?format=api", "purl": "pkg:pypi/cryptography@40.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-4j5v-k162-tfgd" }, { "vulnerability": "VCID-av98-fhpr-tkhh" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@40.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/36500?format=api", "purl": "pkg:pypi/cryptography@40.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-4j5v-k162-tfgd" }, { "vulnerability": "VCID-av98-fhpr-tkhh" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@40.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/36501?format=api", "purl": "pkg:pypi/cryptography@41.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-av98-fhpr-tkhh" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/36502?format=api", "purl": "pkg:pypi/cryptography@41.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-av98-fhpr-tkhh" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/36503?format=api", "purl": "pkg:pypi/cryptography@41.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-npaa-km8e-f3gs" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/41528?format=api", "purl": "pkg:pypi/cryptography@41.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-r78e-t88x-a3ed" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/41529?format=api", "purl": "pkg:pypi/cryptography@41.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/41530?format=api", "purl": "pkg:pypi/cryptography@41.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48jq-1u5d-tkan" }, { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/41531?format=api", "purl": "pkg:pypi/cryptography@41.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/44724?format=api", "purl": "pkg:pypi/cryptography@41.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" }, { "vulnerability": "VCID-x7vf-dyab-qbhq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/44725?format=api", "purl": "pkg:pypi/cryptography@42.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-gqj1-zam7-c3bv" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/44726?format=api", "purl": "pkg:pypi/cryptography@42.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-gqj1-zam7-c3bv" }, { "vulnerability": "VCID-hpev-apm4-sqfw" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/44727?format=api", "purl": "pkg:pypi/cryptography@42.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-gqj1-zam7-c3bv" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/44728?format=api", "purl": "pkg:pypi/cryptography@42.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-g772-pn9e-7ufv" }, { "vulnerability": "VCID-gqj1-zam7-c3bv" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/44729?format=api", "purl": "pkg:pypi/cryptography@42.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-gqj1-zam7-c3bv" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/706067?format=api", "purl": "pkg:pypi/cryptography@42.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-gqj1-zam7-c3bv" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/706068?format=api", "purl": "pkg:pypi/cryptography@42.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-gqj1-zam7-c3bv" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/706069?format=api", "purl": "pkg:pypi/cryptography@42.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-gqj1-zam7-c3bv" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/706070?format=api", "purl": "pkg:pypi/cryptography@42.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-gqj1-zam7-c3bv" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/706071?format=api", "purl": "pkg:pypi/cryptography@43.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f44c-ygbw-bufn" }, { "vulnerability": "VCID-gqj1-zam7-c3bv" }, { "vulnerability": "VCID-p5vx-kq3j-b3ds" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@43.0.0" } ], "references": [ { "reference_url": "https://github.com/pyca/cryptography", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pyca/cryptography" }, { "reference_url": "https://github.com/pyca/cryptography/security/advisories/GHSA-h4gh-qq45-vh27", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-h4gh-qq45-vh27" }, { "reference_url": "https://openssl-library.org/news/secadv/20240903.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://openssl-library.org/news/secadv/20240903.txt" }, { "reference_url": "https://github.com/advisories/GHSA-h4gh-qq45-vh27", "reference_id": "GHSA-h4gh-qq45-vh27", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h4gh-qq45-vh27" } ], "weaknesses": [ { "cwe_id": 1395, "name": "Dependency on Vulnerable Third-Party Component", "description": "The product has a dependency on a third-party component that contains one or more known vulnerabilities." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p5vx-kq3j-b3ds" }