VulnerableCode Package Details - pkg:deb/debian/python-certifi@2025.1.31%2Bds-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2wd3-e3mb-ebgn	Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.07.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."	CVE-2024-39689 GHSA-248v-346w-9cwc PYSEC-2024-230
VCID-ae1s-qa4g-eyes	Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.	CVE-2022-23491 GHSA-43fp-rhv2-5gv8 PYSEC-2022-42986
VCID-qx4m-q293-ckhj	Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store. e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems.	CVE-2023-37920 GHSA-xqr8-7jwr-rhp7 PYSEC-2023-135

Vulnerability

Summary

Aliases

VCID-2wd3-e3mb-ebgn

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.07.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."

CVE-2024-39689
GHSA-248v-346w-9cwc
PYSEC-2024-230

VCID-ae1s-qa4g-eyes

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.

CVE-2022-23491
GHSA-43fp-rhv2-5gv8
PYSEC-2022-42986

VCID-qx4m-q293-ckhj

Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store. e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems.

CVE-2023-37920
GHSA-xqr8-7jwr-rhp7
PYSEC-2023-135

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-03T07:50:37.845184+00:00	Debian Importer	Fixing	VCID-2wd3-e3mb-ebgn	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:37.797130+00:00	Debian Importer	Fixing	VCID-qx4m-q293-ckhj	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:37.749888+00:00	Debian Importer	Fixing	VCID-ae1s-qa4g-eyes	https://security-tracker.debian.org/tracker/data/json	38.1.0