Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/cryptography@41.0.2

Type pypi

Namespace

Name cryptography

Version 41.0.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 46.0.7

Latest_non_vulnerable_version 46.0.7

Affected_by_vulnerabilities

url VCID-2n3b-ghpm-s3fb

vulnerability_id VCID-2n3b-ghpm-s3fb

summary

cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
The `public_key_from_numbers` (or `EllipticCurvePublicNumbers.public_key()`), `EllipticCurvePublicNumbers.public_key()`, `load_der_public_key()` and `load_pem_public_key()` functions do not verify that the point belongs to the expected prime-order subgroup of the curve.

This missing validation allows an attacker to provide a public key point `P` from a small-order subgroup.  This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as `S = [victim_private_key]P` via ECDH,  this leaks information about `victim_private_key mod (small_subgroup_order)`. For curves with cofactor > 1, this reveals the least significant bits of the private key.  When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup.

Only SECT curves are impacted by this.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26007.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26007.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-26007

reference_id

reference_type

scores

value	9e-05
scoring_system	epss
scoring_elements	0.00963
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-26007

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26007
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26007

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pyca/cryptography

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography

reference_url

https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:28:38Z/

url

https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c

reference_url

https://github.com/pyca/cryptography/releases/tag/46.0.5

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/releases/tag/46.0.5

reference_url

http://www.openwall.com/lists/oss-security/2026/02/10/4

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/02/10/4

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127926
reference_id	1127926
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127926

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2438762
reference_id	2438762
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2438762

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-26007

reference_id

CVE-2026-26007

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-26007

reference_url

https://github.com/advisories/GHSA-r6ph-v2qm-q3c2

reference_id

GHSA-r6ph-v2qm-q3c2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r6ph-v2qm-q3c2

reference_url

https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2

reference_id

GHSA-r6ph-v2qm-q3c2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:28:38Z/

url

https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2

reference_url	https://access.redhat.com/errata/RHSA-2026:10184
reference_id	RHSA-2026:10184
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:10184

reference_url	https://access.redhat.com/errata/RHSA-2026:12176
reference_id	RHSA-2026:12176
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:12176

reference_url	https://access.redhat.com/errata/RHSA-2026:13512
reference_id	RHSA-2026:13512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13512

reference_url	https://access.redhat.com/errata/RHSA-2026:13545
reference_id	RHSA-2026:13545
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13545

reference_url	https://access.redhat.com/errata/RHSA-2026:13553
reference_id	RHSA-2026:13553
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13553

reference_url	https://access.redhat.com/errata/RHSA-2026:13672
reference_id	RHSA-2026:13672
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13672

reference_url	https://access.redhat.com/errata/RHSA-2026:19355
reference_id	RHSA-2026:19355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19355

reference_url	https://access.redhat.com/errata/RHSA-2026:21431
reference_id	RHSA-2026:21431
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21431

reference_url	https://access.redhat.com/errata/RHSA-2026:21517
reference_id	RHSA-2026:21517
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21517

reference_url	https://access.redhat.com/errata/RHSA-2026:2694
reference_id	RHSA-2026:2694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2694

reference_url	https://access.redhat.com/errata/RHSA-2026:5168
reference_id	RHSA-2026:5168
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5168

reference_url	https://access.redhat.com/errata/RHSA-2026:5665
reference_id	RHSA-2026:5665
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5665

reference_url	https://access.redhat.com/errata/RHSA-2026:6308
reference_id	RHSA-2026:6308
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6308

reference_url	https://access.redhat.com/errata/RHSA-2026:6309
reference_id	RHSA-2026:6309
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6309

reference_url	https://access.redhat.com/errata/RHSA-2026:6404
reference_id	RHSA-2026:6404
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6404

reference_url	https://access.redhat.com/errata/RHSA-2026:6497
reference_id	RHSA-2026:6497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6497

reference_url	https://access.redhat.com/errata/RHSA-2026:6567
reference_id	RHSA-2026:6567
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6567

reference_url	https://access.redhat.com/errata/RHSA-2026:6568
reference_id	RHSA-2026:6568
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6568

reference_url	https://access.redhat.com/errata/RHSA-2026:7295
reference_id	RHSA-2026:7295
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7295

reference_url	https://usn.ubuntu.com/8087-1/
reference_id	USN-8087-1
reference_type
scores
url	https://usn.ubuntu.com/8087-1/

reference_url	https://usn.ubuntu.com/8087-3/
reference_id	USN-8087-3
reference_type
scores
url	https://usn.ubuntu.com/8087-3/

fixed_packages

url pkg:pypi/cryptography@46.0.5

purl pkg:pypi/cryptography@46.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vg4s-htkt-17bj

vulnerability	VCID-wu6a-6z5z-zuba

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@46.0.5

aliases CVE-2026-26007, GHSA-r6ph-v2qm-q3c2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2n3b-ghpm-s3fb

url VCID-6yx5-ejqy-gbce

vulnerability_id VCID-6yx5-ejqy-gbce

summary

Vulnerable OpenSSL included in cryptography wheels
pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 2.5-41.0.3 is vulnerable to several security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20230908.txt.

If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.

references

reference_url

https://github.com/pyca/cryptography

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography

reference_url

https://github.com/pyca/cryptography/commit/fc11bce6930e591ce26a2317b31b9ce2b3e25512

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/commit/fc11bce6930e591ce26a2317b31b9ce2b3e25512

reference_url

https://github.com/advisories/GHSA-v8gr-m533-ghj9

reference_id

GHSA-v8gr-m533-ghj9

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v8gr-m533-ghj9

reference_url

https://github.com/pyca/cryptography/security/advisories/GHSA-v8gr-m533-ghj9

reference_id

GHSA-v8gr-m533-ghj9

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/security/advisories/GHSA-v8gr-m533-ghj9

fixed_packages

url pkg:pypi/cryptography@41.0.4

purl pkg:pypi/cryptography@41.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2n3b-ghpm-s3fb

vulnerability	VCID-cyf1-6j45-x3b4

vulnerability	VCID-n45m-e281-97ar

vulnerability	VCID-rtu1-e9yg-97cx

vulnerability	VCID-wegt-2wzm-euhw

vulnerability	VCID-wu6a-6z5z-zuba

vulnerability	VCID-yyrx-r985-fycc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.4

aliases GHSA-v8gr-m533-ghj9, GMS-2023-2474

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6yx5-ejqy-gbce

url VCID-bnkr-dheg-wyen

vulnerability_id VCID-bnkr-dheg-wyen

summary

pyca/cryptography's wheels include vulnerable OpenSSL
pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.8-41.0.2 is vulnerable to several security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20230731.txt, https://www.openssl.org/news/secadv/20230719.txt, and https://www.openssl.org/news/secadv/20230714.txt.

If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.

references

reference_url

https://github.com/pyca/cryptography

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography

reference_url

https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d

reference_url

https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2

reference_url

https://www.openssl.org/news/secadv/20230714.txt

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.openssl.org/news/secadv/20230714.txt

reference_url

https://www.openssl.org/news/secadv/20230719.txt

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.openssl.org/news/secadv/20230719.txt

reference_url

https://www.openssl.org/news/secadv/20230731.txt

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.openssl.org/news/secadv/20230731.txt

reference_url

https://github.com/advisories/GHSA-jm77-qphf-c4w8

reference_id

GHSA-jm77-qphf-c4w8

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jm77-qphf-c4w8

reference_url

https://github.com/pyca/cryptography/security/advisories/GHSA-jm77-qphf-c4w8

reference_id

GHSA-jm77-qphf-c4w8

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/security/advisories/GHSA-jm77-qphf-c4w8

fixed_packages

url pkg:pypi/cryptography@41.0.3

purl pkg:pypi/cryptography@41.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2n3b-ghpm-s3fb

vulnerability	VCID-6yx5-ejqy-gbce

vulnerability	VCID-cyf1-6j45-x3b4

vulnerability	VCID-n45m-e281-97ar

vulnerability	VCID-rtu1-e9yg-97cx

vulnerability	VCID-wegt-2wzm-euhw

vulnerability	VCID-wu6a-6z5z-zuba

vulnerability	VCID-yyrx-r985-fycc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.3

aliases GHSA-jm77-qphf-c4w8, GMS-2023-1898

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bnkr-dheg-wyen

url VCID-cyf1-6j45-x3b4

vulnerability_id VCID-cyf1-6j45-x3b4

summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49083.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49083.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-49083

reference_id

reference_type

scores

value	0.01255
scoring_system	epss
scoring_elements	0.79681
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-49083

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49083
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49083

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pyca/cryptography

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography

reference_url

https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:31:36Z/

url

https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a

reference_url

https://github.com/pyca/cryptography/pull/9926

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:31:36Z/

url

https://github.com/pyca/cryptography/pull/9926

reference_url

https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:31:36Z/

url

https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-254.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-254.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2024/10/msg00012.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/10/msg00012.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:31:36Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV/

reference_url

http://www.openwall.com/lists/oss-security/2023/11/29/2

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2023/11/29/2

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057108
reference_id	1057108
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057108

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2255331
reference_id	2255331
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2255331

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-49083

reference_id

CVE-2023-49083

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-49083

reference_url

https://github.com/advisories/GHSA-jfhm-5ghh-2f97

reference_id

GHSA-jfhm-5ghh-2f97

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jfhm-5ghh-2f97

reference_url	https://security.gentoo.org/glsa/202407-06
reference_id	GLSA-202407-06
reference_type
scores
url	https://security.gentoo.org/glsa/202407-06

reference_url	https://access.redhat.com/errata/RHSA-2024:10965
reference_id	RHSA-2024:10965
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10965

reference_url	https://access.redhat.com/errata/RHSA-2024:1640
reference_id	RHSA-2024:1640
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1640

reference_url	https://access.redhat.com/errata/RHSA-2024:1878
reference_id	RHSA-2024:1878
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1878

reference_url	https://access.redhat.com/errata/RHSA-2024:2337
reference_id	RHSA-2024:2337
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2337

reference_url	https://access.redhat.com/errata/RHSA-2024:3105
reference_id	RHSA-2024:3105
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3105

reference_url	https://access.redhat.com/errata/RHSA-2024:3781
reference_id	RHSA-2024:3781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3781

reference_url	https://access.redhat.com/errata/RHSA-2025:13098
reference_id	RHSA-2025:13098
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13098

reference_url	https://access.redhat.com/errata/RHSA-2025:13100
reference_id	RHSA-2025:13100
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13100

reference_url	https://access.redhat.com/errata/RHSA-2025:13101
reference_id	RHSA-2025:13101
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13101

reference_url	https://access.redhat.com/errata/RHSA-2025:13102
reference_id	RHSA-2025:13102
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13102

reference_url	https://access.redhat.com/errata/RHSA-2025:13103
reference_id	RHSA-2025:13103
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13103

reference_url	https://access.redhat.com/errata/RHSA-2025:13104
reference_id	RHSA-2025:13104
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13104

reference_url	https://access.redhat.com/errata/RHSA-2025:14553
reference_id	RHSA-2025:14553
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14553

reference_url	https://access.redhat.com/errata/RHSA-2025:15874
reference_id	RHSA-2025:15874
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15874

reference_url	https://usn.ubuntu.com/6539-1/
reference_id	USN-6539-1
reference_type
scores
url	https://usn.ubuntu.com/6539-1/

fixed_packages

url pkg:pypi/cryptography@41.0.6

purl pkg:pypi/cryptography@41.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2n3b-ghpm-s3fb

vulnerability	VCID-n45m-e281-97ar

vulnerability	VCID-rtu1-e9yg-97cx

vulnerability	VCID-wegt-2wzm-euhw

vulnerability	VCID-wu6a-6z5z-zuba

vulnerability	VCID-yyrx-r985-fycc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.6

aliases CVE-2023-49083, GHSA-jfhm-5ghh-2f97, PYSEC-2023-254

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cyf1-6j45-x3b4

url VCID-n45m-e281-97ar

vulnerability_id VCID-n45m-e281-97ar

summary

Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50782.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50782.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-50782

reference_id

reference_type

scores

value	0.00879
scoring_system	epss
scoring_elements	0.75653
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-50782

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2254432

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-15T16:14:33Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2254432

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50782
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50782

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pyca/cryptography

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography

reference_url

https://github.com/pyca/cryptography/issues/9785

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/issues/9785

reference_url

https://www.couchbase.com/alerts

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.couchbase.com/alerts

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059308
reference_id	1059308
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059308

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2
reference_id	cpe:/a:redhat:ansible_automation_platform:2
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhui:4::el8
reference_id	cpe:/a:redhat:rhui:4::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhui:4::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
reference_id	cpe:/a:redhat:satellite:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id	cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9

reference_url

https://access.redhat.com/security/cve/CVE-2023-50782

reference_id

CVE-2023-50782

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-15T16:14:33Z/

url

https://access.redhat.com/security/cve/CVE-2023-50782

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-50782

reference_id

CVE-2023-50782

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-50782

reference_url

https://github.com/advisories/GHSA-3ww4-gg4f-jr7f

reference_id

GHSA-3ww4-gg4f-jr7f

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3ww4-gg4f-jr7f

reference_url	https://usn.ubuntu.com/6673-1/
reference_id	USN-6673-1
reference_type
scores
url	https://usn.ubuntu.com/6673-1/

reference_url	https://usn.ubuntu.com/6673-2/
reference_id	USN-6673-2
reference_type
scores
url	https://usn.ubuntu.com/6673-2/

fixed_packages

url pkg:pypi/cryptography@42.0.0

purl pkg:pypi/cryptography@42.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2n3b-ghpm-s3fb

vulnerability	VCID-7j9u-q6e6-jkhd

vulnerability	VCID-rtu1-e9yg-97cx

vulnerability	VCID-wegt-2wzm-euhw

vulnerability	VCID-wu6a-6z5z-zuba

vulnerability	VCID-yyrx-r985-fycc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.0

aliases CVE-2023-50782, GHSA-3ww4-gg4f-jr7f

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n45m-e281-97ar

url VCID-rtu1-e9yg-97cx

vulnerability_id VCID-rtu1-e9yg-97cx

summary pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels

references

reference_url

https://github.com/pyca/cryptography

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography

reference_url

https://openssl-library.org/news/secadv/20240903.txt

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://openssl-library.org/news/secadv/20240903.txt

reference_url

https://github.com/advisories/GHSA-h4gh-qq45-vh27

reference_id

GHSA-h4gh-qq45-vh27

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h4gh-qq45-vh27

reference_url

https://github.com/pyca/cryptography/security/advisories/GHSA-h4gh-qq45-vh27

reference_id

GHSA-h4gh-qq45-vh27

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/security/advisories/GHSA-h4gh-qq45-vh27

fixed_packages

url pkg:pypi/cryptography@43.0.1

purl pkg:pypi/cryptography@43.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2n3b-ghpm-s3fb

vulnerability	VCID-7j9u-q6e6-jkhd

vulnerability	VCID-wu6a-6z5z-zuba

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@43.0.1

aliases GHSA-h4gh-qq45-vh27

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rtu1-e9yg-97cx

url VCID-wegt-2wzm-euhw

vulnerability_id VCID-wegt-2wzm-euhw

summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26130.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26130.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-26130

reference_id

reference_type

scores

value	0.00437
scoring_system	epss
scoring_elements	0.63367
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-26130

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pyca/cryptography

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography

reference_url

https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-14T19:56:07Z/

url

https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55

reference_url

https://github.com/pyca/cryptography/pull/10423

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-14T19:56:07Z/

url

https://github.com/pyca/cryptography/pull/10423

reference_url

https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-14T19:56:07Z/

url

https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2024-225.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2024-225.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064778
reference_id	1064778
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064778

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2269617
reference_id	2269617
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2269617

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-26130

reference_id

CVE-2024-26130

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-26130

reference_url

https://github.com/advisories/GHSA-6vqw-3v5j-54x4

reference_id

GHSA-6vqw-3v5j-54x4

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6vqw-3v5j-54x4

reference_url	https://security.gentoo.org/glsa/202407-06
reference_id	GLSA-202407-06
reference_type
scores
url	https://security.gentoo.org/glsa/202407-06

reference_url	https://access.redhat.com/errata/RHSA-2024:3781
reference_id	RHSA-2024:3781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3781

reference_url	https://access.redhat.com/errata/RHSA-2024:7987
reference_id	RHSA-2024:7987
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7987

reference_url	https://access.redhat.com/errata/RHSA-2025:1335
reference_id	RHSA-2025:1335
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1335

reference_url	https://access.redhat.com/errata/RHSA-2025:15608
reference_id	RHSA-2025:15608
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15608

reference_url	https://usn.ubuntu.com/6673-1/
reference_id	USN-6673-1
reference_type
scores
url	https://usn.ubuntu.com/6673-1/

reference_url	https://usn.ubuntu.com/6673-3/
reference_id	USN-6673-3
reference_type
scores
url	https://usn.ubuntu.com/6673-3/

fixed_packages

url pkg:pypi/cryptography@42.0.4

purl pkg:pypi/cryptography@42.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2n3b-ghpm-s3fb

vulnerability	VCID-7j9u-q6e6-jkhd

vulnerability	VCID-rtu1-e9yg-97cx

vulnerability	VCID-wu6a-6z5z-zuba

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.4

aliases CVE-2024-26130, GHSA-6vqw-3v5j-54x4, PYSEC-2024-225

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wegt-2wzm-euhw

url VCID-wu6a-6z5z-zuba

vulnerability_id VCID-wu6a-6z5z-zuba

summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com. This issue has been patched in version 46.0.6.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34073.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34073.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-34073

reference_id

reference_type

scores

value	9e-05
scoring_system	epss
scoring_elements	0.01019
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-34073

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34073
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34073

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pyca/cryptography

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	1.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography

reference_url

https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	1.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:50:17Z/

url

https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-34073

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	1.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-34073

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2453276
reference_id	2453276
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2453276

reference_url

https://github.com/advisories/GHSA-m959-cc7f-wv43

reference_id

GHSA-m959-cc7f-wv43

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m959-cc7f-wv43

reference_url	https://access.redhat.com/errata/RHSA-2026:7295
reference_id	RHSA-2026:7295
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7295

fixed_packages

url pkg:pypi/cryptography@46.0.6

purl pkg:pypi/cryptography@46.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vg4s-htkt-17bj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@46.0.6

aliases CVE-2026-34073, GHSA-m959-cc7f-wv43, PYSEC-2026-35

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wu6a-6z5z-zuba

url VCID-yyrx-r985-fycc

vulnerability_id VCID-yyrx-r985-fycc

summary

Null pointer dereference in PKCS12 parsing
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL
to crash leading to a potential Denial of Service attack

Impact summary: Applications loading files in the PKCS12 format from untrusted
sources might terminate abruptly.

A file in PKCS12 format can contain certificates and keys and may come from an
untrusted source. The PKCS12 specification allows certain fields to be NULL, but
OpenSSL does not correctly check for this case. This can lead to a NULL pointer
dereference that results in OpenSSL crashing. If an application processes PKCS12
files from an untrusted source using the OpenSSL APIs then that application will
be vulnerable to this issue.

OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),
PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()
and PKCS12_newpass().

We have also fixed a similar issue in SMIME_write_PKCS7(). However since this
function is related to writing data we do not consider it security significant.

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0727.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0727.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-0727

reference_id

reference_type

scores

value	0.00238
scoring_system	epss
scoring_elements	0.47001
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-0727

reference_url

https://cert-portal.siemens.com/productcert/html/ssa-265688.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://cert-portal.siemens.com/productcert/html/ssa-265688.html

reference_url

https://cert-portal.siemens.com/productcert/html/ssa-277137.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://cert-portal.siemens.com/productcert/html/ssa-277137.html

reference_url

https://cert-portal.siemens.com/productcert/html/ssa-331112.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://cert-portal.siemens.com/productcert/html/ssa-331112.html

reference_url

https://cert-portal.siemens.com/productcert/html/ssa-769027.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://cert-portal.siemens.com/productcert/html/ssa-769027.html

reference_url

https://cert-portal.siemens.com/productcert/html/ssa-915275.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://cert-portal.siemens.com/productcert/html/ssa-915275.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2

reference_url

https://github.com/github/advisory-database/pull/3472

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/github/advisory-database/pull/3472

reference_url

https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/

url

https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2

reference_url

https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/

url

https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a

reference_url

https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/

url

https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c

reference_url

https://github.com/openssl/openssl/pull/23362

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openssl/openssl/pull/23362

reference_url

https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d

reference_url

https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/

url

https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8

reference_url

https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/

url

https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539

reference_url

https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html

reference_url

https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html

reference_url

https://security.netapp.com/advisory/ntap-20240208-0006

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240208-0006

reference_url

https://www.openssl.org/news/secadv/20240125.txt

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/

url

https://www.openssl.org/news/secadv/20240125.txt

reference_url

http://www.openwall.com/lists/oss-security/2024/03/11/1

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2024/03/11/1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061582
reference_id	1061582
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061582

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2259944
reference_id	2259944
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2259944

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-0727

reference_id

CVE-2024-0727

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-0727

reference_url

https://github.com/advisories/GHSA-9v9h-cgj8-h64p

reference_id

GHSA-9v9h-cgj8-h64p

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9v9h-cgj8-h64p

reference_url	https://access.redhat.com/errata/RHSA-2024:2447
reference_id	RHSA-2024:2447
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2447

reference_url	https://access.redhat.com/errata/RHSA-2024:9088
reference_id	RHSA-2024:9088
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9088

reference_url	https://usn.ubuntu.com/6622-1/
reference_id	USN-6622-1
reference_type
scores
url	https://usn.ubuntu.com/6622-1/

reference_url	https://usn.ubuntu.com/6632-1/
reference_id	USN-6632-1
reference_type
scores
url	https://usn.ubuntu.com/6632-1/

reference_url	https://usn.ubuntu.com/6709-1/
reference_id	USN-6709-1
reference_type
scores
url	https://usn.ubuntu.com/6709-1/

reference_url	https://usn.ubuntu.com/7018-1/
reference_id	USN-7018-1
reference_type
scores
url	https://usn.ubuntu.com/7018-1/

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:pypi/cryptography@42.0.2

purl pkg:pypi/cryptography@42.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2n3b-ghpm-s3fb

vulnerability	VCID-7j9u-q6e6-jkhd

vulnerability	VCID-rtu1-e9yg-97cx

vulnerability	VCID-wegt-2wzm-euhw

vulnerability	VCID-wu6a-6z5z-zuba

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.2

aliases CVE-2024-0727, GHSA-9v9h-cgj8-h64p

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yyrx-r985-fycc

Fixing_vulnerabilities

url VCID-dca7-jkuq-uka3

vulnerability_id VCID-dca7-jkuq-uka3

summary The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38325.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38325.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-38325

reference_id

reference_type

scores

value	0.01168
scoring_system	epss
scoring_elements	0.78962
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-38325

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pyca/cryptography

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography

reference_url

https://github.com/pyca/cryptography/commit/1ca7adc97b76a9dfbd3d850628b613eb93b78fc3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/commit/1ca7adc97b76a9dfbd3d850628b613eb93b78fc3

reference_url

https://github.com/pyca/cryptography/compare/41.0.1...41.0.2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:00:20Z/

url

https://github.com/pyca/cryptography/compare/41.0.1...41.0.2

reference_url

https://github.com/pyca/cryptography/issues/9207

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:00:20Z/

url

https://github.com/pyca/cryptography/issues/9207

reference_url

https://github.com/pyca/cryptography/pull/7960

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/pull/7960

reference_url

https://github.com/pyca/cryptography/pull/9208

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:00:20Z/

url

https://github.com/pyca/cryptography/pull/9208

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-112.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-112.yaml

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK

reference_url

https://pypi.org/project/cryptography/#history

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:00:20Z/

url

https://pypi.org/project/cryptography/#history

reference_url

https://security.netapp.com/advisory/ntap-20230824-0010

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230824-0010

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2231271
reference_id	2231271
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2231271

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-38325

reference_id

CVE-2023-38325

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-38325

reference_url

https://github.com/advisories/GHSA-cf7p-gm2m-833m

reference_id

GHSA-cf7p-gm2m-833m

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cf7p-gm2m-833m

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK/

reference_id

NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:00:20Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK/

reference_url

https://security.netapp.com/advisory/ntap-20230824-0010/

reference_id

ntap-20230824-0010

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T16:00:20Z/

url

https://security.netapp.com/advisory/ntap-20230824-0010/

fixed_packages

url pkg:pypi/cryptography@41.0.2

purl pkg:pypi/cryptography@41.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2n3b-ghpm-s3fb

vulnerability	VCID-6yx5-ejqy-gbce

vulnerability	VCID-bnkr-dheg-wyen

vulnerability	VCID-cyf1-6j45-x3b4

vulnerability	VCID-n45m-e281-97ar

vulnerability	VCID-rtu1-e9yg-97cx

vulnerability	VCID-wegt-2wzm-euhw

vulnerability	VCID-wu6a-6z5z-zuba

vulnerability	VCID-yyrx-r985-fycc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.2

aliases CVE-2023-38325, GHSA-cf7p-gm2m-833m, PYSEC-2023-112

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dca7-jkuq-uka3

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.2

Package Instance