Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/ecdsa@0.13.3
purl pkg:pypi/ecdsa@0.13.3
Next non-vulnerable version 0.19.2
Latest non-vulnerable version 0.19.2
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-ebg3-6ssf-dkcy
Aliases:
CVE-2024-23342
GHSA-wj6h-64fc-37mp
Minerva timing attack on P-256 in python-ecdsa python-ecdsa has been found to be subject to a Minerva timing attack on the P-256 curve. Using the `ecdsa.SigningKey.sign_digest()` API function and timing signatures an attacker can leak the internal nonce which may allow for private key discovery. Both ECDSA signatures, key generation, and ECDH operations are affected. ECDSA signature verification is unaffected. The python-ecdsa project considers side channel attacks out of scope for the project and there is no planned fix. There are no reported fixed by versions.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-9pe3-67b4-yqae A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions. CVE-2019-14859
GHSA-8qxj-f9rh-9fg2
PYSEC-2020-163
VCID-acg5-4qjn-sudc A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions. PYSEC-2020-182
VCID-qrf7-gnjg-bfat An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service. CVE-2019-14853
GHSA-2mrj-435v-c2cr
GHSA-pwfw-mgfj-7g3g
PYSEC-2019-177

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:48:30.370656+00:00 GitLab Importer Affected by VCID-ebg3-6ssf-dkcy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/CVE-2024-23342.yml 38.4.0
2026-04-16T21:02:15.512139+00:00 GitLab Importer Fixing VCID-9pe3-67b4-yqae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/CVE-2019-14859.yml 38.4.0
2026-04-16T20:59:07.269987+00:00 GitLab Importer Fixing VCID-qrf7-gnjg-bfat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/GHSA-2mrj-435v-c2cr.yml 38.4.0
2026-04-16T20:57:46.063418+00:00 GitLab Importer Fixing VCID-qrf7-gnjg-bfat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/CVE-2019-14853.yml 38.4.0
2026-04-16T01:32:12.746114+00:00 GHSA Importer Fixing VCID-9pe3-67b4-yqae https://github.com/advisories/GHSA-8qxj-f9rh-9fg2 38.4.0
2026-04-16T01:30:57.362549+00:00 GHSA Importer Fixing VCID-qrf7-gnjg-bfat https://github.com/advisories/GHSA-2mrj-435v-c2cr 38.4.0
2026-04-16T01:30:13.053650+00:00 GHSA Importer Fixing VCID-qrf7-gnjg-bfat https://github.com/advisories/GHSA-pwfw-mgfj-7g3g 38.4.0
2026-04-12T00:08:19.551163+00:00 GitLab Importer Affected by VCID-ebg3-6ssf-dkcy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/CVE-2024-23342.yml 38.3.0
2026-04-11T22:13:36.058656+00:00 GitLab Importer Fixing VCID-9pe3-67b4-yqae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/CVE-2019-14859.yml 38.3.0
2026-04-11T22:10:19.146043+00:00 GitLab Importer Fixing VCID-qrf7-gnjg-bfat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/GHSA-2mrj-435v-c2cr.yml 38.3.0
2026-04-11T22:08:51.505789+00:00 GitLab Importer Fixing VCID-qrf7-gnjg-bfat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/CVE-2019-14853.yml 38.3.0
2026-04-11T13:01:33.597387+00:00 GHSA Importer Fixing VCID-9pe3-67b4-yqae https://github.com/advisories/GHSA-8qxj-f9rh-9fg2 38.3.0
2026-04-11T13:00:16.708021+00:00 GHSA Importer Fixing VCID-qrf7-gnjg-bfat https://github.com/advisories/GHSA-2mrj-435v-c2cr 38.3.0
2026-04-11T12:59:30.526662+00:00 GHSA Importer Fixing VCID-qrf7-gnjg-bfat https://github.com/advisories/GHSA-pwfw-mgfj-7g3g 38.3.0
2026-04-03T00:12:58.375175+00:00 GitLab Importer Affected by VCID-ebg3-6ssf-dkcy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/CVE-2024-23342.yml 38.1.0
2026-04-02T22:25:56.682345+00:00 GitLab Importer Fixing VCID-9pe3-67b4-yqae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/CVE-2019-14859.yml 38.1.0
2026-04-02T22:22:54.684371+00:00 GitLab Importer Fixing VCID-qrf7-gnjg-bfat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/GHSA-2mrj-435v-c2cr.yml 38.1.0
2026-04-02T22:21:30.800766+00:00 GitLab Importer Fixing VCID-qrf7-gnjg-bfat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/CVE-2019-14853.yml 38.1.0
2026-04-02T13:53:34.701709+00:00 GHSA Importer Fixing VCID-9pe3-67b4-yqae https://github.com/advisories/GHSA-8qxj-f9rh-9fg2 38.1.0
2026-04-02T13:52:24.436680+00:00 GHSA Importer Fixing VCID-qrf7-gnjg-bfat https://github.com/advisories/GHSA-2mrj-435v-c2cr 38.1.0
2026-04-02T13:51:42.988025+00:00 GHSA Importer Fixing VCID-qrf7-gnjg-bfat https://github.com/advisories/GHSA-pwfw-mgfj-7g3g 38.1.0
2026-04-01T16:43:53.069289+00:00 GitLab Importer Fixing VCID-9pe3-67b4-yqae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/CVE-2019-14859.yml 38.0.0
2026-04-01T16:40:41.498231+00:00 GitLab Importer Fixing VCID-qrf7-gnjg-bfat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/GHSA-2mrj-435v-c2cr.yml 38.0.0
2026-04-01T16:39:16.640365+00:00 GitLab Importer Fixing VCID-qrf7-gnjg-bfat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ecdsa/CVE-2019-14853.yml 38.0.0
2026-04-01T15:58:02.640354+00:00 GHSA Importer Fixing VCID-9pe3-67b4-yqae https://github.com/advisories/GHSA-8qxj-f9rh-9fg2 38.0.0
2026-04-01T15:57:48.719550+00:00 GHSA Importer Fixing VCID-qrf7-gnjg-bfat https://github.com/advisories/GHSA-2mrj-435v-c2cr 38.0.0
2026-04-01T15:57:41.386569+00:00 GHSA Importer Fixing VCID-qrf7-gnjg-bfat https://github.com/advisories/GHSA-pwfw-mgfj-7g3g 38.0.0
2026-04-01T15:01:22.584424+00:00 PyPI Importer Fixing VCID-acg5-4qjn-sudc https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:01:21.995538+00:00 PyPI Importer Fixing VCID-9pe3-67b4-yqae https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:01:15.423592+00:00 PyPI Importer Fixing VCID-qrf7-gnjg-bfat https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T13:04:21.041093+00:00 GithubOSV Importer Fixing VCID-qrf7-gnjg-bfat https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/12/GHSA-2mrj-435v-c2cr/GHSA-2mrj-435v-c2cr.json 38.0.0
2026-04-01T13:04:05.472691+00:00 GithubOSV Importer Fixing VCID-qrf7-gnjg-bfat https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/10/GHSA-pwfw-mgfj-7g3g/GHSA-pwfw-mgfj-7g3g.json 38.0.0
2026-04-01T12:59:31.085372+00:00 GithubOSV Importer Fixing VCID-9pe3-67b4-yqae https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/04/GHSA-8qxj-f9rh-9fg2/GHSA-8qxj-f9rh-9fg2.json 38.0.0
2026-04-01T12:42:11.267515+00:00 Pypa Importer Fixing VCID-9pe3-67b4-yqae https://github.com/pypa/advisory-database/blob/main/vulns/ecdsa/PYSEC-2020-163.yaml 38.0.0
2026-04-01T12:42:08.949971+00:00 Pypa Importer Fixing VCID-qrf7-gnjg-bfat https://github.com/pypa/advisory-database/blob/main/vulns/ecdsa/PYSEC-2019-177.yaml 38.0.0