Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/ecdsa@0.10
purl pkg:pypi/ecdsa@0.10
Next non-vulnerable version 0.19.2
Latest non-vulnerable version 0.19.2
Risk 4.5
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-9pe3-67b4-yqae
Aliases:
CVE-2019-14859
GHSA-8qxj-f9rh-9fg2
PYSEC-2020-163
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.
0.13.3
Affected by 1 other vulnerability.
VCID-acg5-4qjn-sudc
Aliases:
PYSEC-2020-182
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.
0.13.3
Affected by 1 other vulnerability.
VCID-ebg3-6ssf-dkcy
Aliases:
CVE-2024-23342
GHSA-wj6h-64fc-37mp
Minerva timing attack on P-256 in python-ecdsa python-ecdsa has been found to be subject to a Minerva timing attack on the P-256 curve. Using the `ecdsa.SigningKey.sign_digest()` API function and timing signatures an attacker can leak the internal nonce which may allow for private key discovery. Both ECDSA signatures, key generation, and ECDH operations are affected. ECDSA signature verification is unaffected. The python-ecdsa project considers side channel attacks out of scope for the project and there is no planned fix. There are no reported fixed by versions.
VCID-qrf7-gnjg-bfat
Aliases:
CVE-2019-14853
GHSA-2mrj-435v-c2cr
GHSA-pwfw-mgfj-7g3g
PYSEC-2019-177
An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.
0.13.3
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:48:30.349829+00:00 GitLab Importer Affected by VCID-ebg3-6ssf-dkcy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/CVE-2024-23342.yml 38.4.0
2026-04-16T21:02:15.493229+00:00 GitLab Importer Affected by VCID-9pe3-67b4-yqae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/CVE-2019-14859.yml 38.4.0
2026-04-16T20:59:07.249669+00:00 GitLab Importer Affected by VCID-qrf7-gnjg-bfat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/GHSA-2mrj-435v-c2cr.yml 38.4.0
2026-04-16T20:57:46.043643+00:00 GitLab Importer Affected by VCID-qrf7-gnjg-bfat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/CVE-2019-14853.yml 38.4.0
2026-04-16T01:32:12.722182+00:00 GHSA Importer Affected by VCID-9pe3-67b4-yqae https://github.com/advisories/GHSA-8qxj-f9rh-9fg2 38.4.0
2026-04-16T01:30:57.338776+00:00 GHSA Importer Affected by VCID-qrf7-gnjg-bfat https://github.com/advisories/GHSA-2mrj-435v-c2cr 38.4.0
2026-04-16T01:30:13.031163+00:00 GHSA Importer Affected by VCID-qrf7-gnjg-bfat https://github.com/advisories/GHSA-pwfw-mgfj-7g3g 38.4.0
2026-04-12T00:08:19.530255+00:00 GitLab Importer Affected by VCID-ebg3-6ssf-dkcy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/CVE-2024-23342.yml 38.3.0
2026-04-11T22:13:36.030934+00:00 GitLab Importer Affected by VCID-9pe3-67b4-yqae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/CVE-2019-14859.yml 38.3.0
2026-04-11T22:10:19.123314+00:00 GitLab Importer Affected by VCID-qrf7-gnjg-bfat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/GHSA-2mrj-435v-c2cr.yml 38.3.0
2026-04-11T22:08:51.483110+00:00 GitLab Importer Affected by VCID-qrf7-gnjg-bfat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/CVE-2019-14853.yml 38.3.0
2026-04-11T13:01:33.572043+00:00 GHSA Importer Affected by VCID-9pe3-67b4-yqae https://github.com/advisories/GHSA-8qxj-f9rh-9fg2 38.3.0
2026-04-11T13:00:16.686326+00:00 GHSA Importer Affected by VCID-qrf7-gnjg-bfat https://github.com/advisories/GHSA-2mrj-435v-c2cr 38.3.0
2026-04-11T12:59:30.501556+00:00 GHSA Importer Affected by VCID-qrf7-gnjg-bfat https://github.com/advisories/GHSA-pwfw-mgfj-7g3g 38.3.0
2026-04-03T00:12:58.352371+00:00 GitLab Importer Affected by VCID-ebg3-6ssf-dkcy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/CVE-2024-23342.yml 38.1.0
2026-04-02T22:25:56.661716+00:00 GitLab Importer Affected by VCID-9pe3-67b4-yqae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/CVE-2019-14859.yml 38.1.0
2026-04-02T22:22:54.664299+00:00 GitLab Importer Affected by VCID-qrf7-gnjg-bfat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/GHSA-2mrj-435v-c2cr.yml 38.1.0
2026-04-02T22:21:30.780959+00:00 GitLab Importer Affected by VCID-qrf7-gnjg-bfat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/CVE-2019-14853.yml 38.1.0
2026-04-02T13:53:34.682468+00:00 GHSA Importer Affected by VCID-9pe3-67b4-yqae https://github.com/advisories/GHSA-8qxj-f9rh-9fg2 38.1.0
2026-04-02T13:52:24.417211+00:00 GHSA Importer Affected by VCID-qrf7-gnjg-bfat https://github.com/advisories/GHSA-2mrj-435v-c2cr 38.1.0
2026-04-02T13:51:42.967149+00:00 GHSA Importer Affected by VCID-qrf7-gnjg-bfat https://github.com/advisories/GHSA-pwfw-mgfj-7g3g 38.1.0
2026-04-01T16:43:53.049327+00:00 GitLab Importer Affected by VCID-9pe3-67b4-yqae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/CVE-2019-14859.yml 38.0.0
2026-04-01T16:40:41.478309+00:00 GitLab Importer Affected by VCID-qrf7-gnjg-bfat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/GHSA-2mrj-435v-c2cr.yml 38.0.0
2026-04-01T16:39:16.620245+00:00 GitLab Importer Affected by VCID-qrf7-gnjg-bfat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/CVE-2019-14853.yml 38.0.0
2026-04-01T15:01:22.559037+00:00 PyPI Importer Affected by VCID-acg5-4qjn-sudc https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:01:21.975130+00:00 PyPI Importer Affected by VCID-9pe3-67b4-yqae https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:01:15.403723+00:00 PyPI Importer Affected by VCID-qrf7-gnjg-bfat https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T12:42:11.255683+00:00 Pypa Importer Affected by VCID-9pe3-67b4-yqae https://github.com/pypa/advisory-database/blob/main/vulns/ecdsa/PYSEC-2020-163.yaml 38.0.0
2026-04-01T12:42:08.936660+00:00 Pypa Importer Affected by VCID-qrf7-gnjg-bfat https://github.com/pypa/advisory-database/blob/main/vulns/ecdsa/PYSEC-2019-177.yaml 38.0.0