{"url":"http://public2.vulnerablecode.io/api/packages/6716?format=json","purl":"pkg:pypi/cryptography@2.0.3","type":"pypi","namespace":"","name":"cryptography","version":"2.0.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"46.0.5","latest_non_vulnerable_version":"46.0.7","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17794?format=json","vulnerability_id":"VCID-4j5v-k162-tfgd","summary":"Vulnerable OpenSSL included in cryptography wheels\npyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.5-40.0.2 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://www.openssl.org/news/secadv/20230530.txt.\n\nIf you are building cryptography from source (\"sdist\") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography 
versions.","references":[{"reference_url":"https://cryptography.io/en/latest/changelog/#v41-0-0","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cryptography.io/en/latest/changelog/#v41-0-0"},{"reference_url":"https://github.com/pyca/cryptography","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pyca/cryptography"},{"reference_url":"https://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22"},{"reference_url":"https://github.com/advisories/GHSA-5cpq-8wj7-hf2v","reference_id":"GHSA-5cpq-8wj7-hf2v","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5cpq-8wj7-hf2v"},{"reference_url":"https://github.com/pyca/cryptography/security/advisories/GHSA-5cpq-8wj7-hf2v","reference_id":"GHSA-5cpq-8wj7-hf2v","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pyca/cryptography/security/advisories/GHSA-5cpq-8wj7-hf2v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36501?format=json","purl":"pkg:pypi/cryptography@41.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-48jq-1u5d-tkan"},{"vulnerability":"VCID-av98-fhpr-tkhh"},{"vulnerability":"VCID-f44c-ygbw-bufn"},{"vulnerability":"VCID-g772-pn9e-7ufv"},{"vulnerability":"VCID-hpev-apm4-sqfw"},{"vulnerability":"VCID-npaa-km8e-f3gs"},{"vulnerability":"VCID-p5vx-kq3j-b3ds"},{"vulnerability":"VCID-r78e-t88x-a3ed"},{"vulnerability"
:"VCID-x7vf-dyab-qbhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.0"}],"aliases":["GHSA-5cpq-8wj7-hf2v","GMS-2023-1778"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4j5v-k162-tfgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5762?format=json","vulnerability_id":"VCID-4nw9-zhuy-y7cz","summary":"A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3600","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3600"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10903.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10903.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10903","reference_id":"","reference_type":"","scores":[{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43919","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43917","p
ublished_at":"2026-04-08T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43867","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43937","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43914","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.4387","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43889","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43905","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43938","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10903"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10903"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-fcf9-3qw3-gxmj","reference_id":"","re
ference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fcf9-3qw3-gxmj"},{"reference_url":"https://github.com/pyca/cryptography","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pyca/cryptography"},{"reference_url":"https://github.com/pyca/cryptography/commit/d4378e42937b56f473ddade2667f919ce32208cb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pyca/cryptography/commit/d4378e42937b56f473ddade2667f919ce32208cb"},{"reference_url":"https://github.com/pyca/cryptography/pull/4342","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pyca/cryptography/pull/4342"},{"reference_url":"https://gith
ub.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2018-52.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2018-52.yaml"},{"reference_url":"https://usn.ubuntu.com/3720-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3720-1"},{"reference_url":"https://usn.ubuntu.com/3720-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3720-1/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1602931","reference_id":"1602931","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1602931"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904072","reference_id":"904072","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904072"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10903","reference_id":"CVE-2018-10903","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/U
I:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10903"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6725?format=json","purl":"pkg:pypi/cryptography@2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4j5v-k162-tfgd"},{"vulnerability":"VCID-f44c-ygbw-bufn"},{"vulnerability":"VCID-hpev-apm4-sqfw"},{"vulnerability":"VCID-npaa-km8e-f3gs"},{"vulnerability":"VCID-u4f5-k68d-wfd1"},{"vulnerability":"VCID-vmx8-tjg2-uuec"},{"vulnerability":"VCID-x2wm-3tk7-wbbv"},{"vulnerability":"VCID-x7vf-dyab-qbhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@2.3"}],"aliases":["CVE-2018-10903","GHSA-fcf9-3qw3-gxmj","PYSEC-2018-52"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4nw9-zhuy-y7cz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20964?format=json","vulnerability_id":"VCID-f44c-ygbw-bufn","summary":"cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves\n## Vulnerability Summary\n\nThe `public_key_from_numbers` (or `EllipticCurvePublicNumbers.public_key()`), `load_der_public_key()` and `load_pem_public_key()` functions do not verify that the point belongs to the expected prime-order subgroup of the curve.\n\nThis missing validation allows an attacker to provide a public key point `P` from a small-order subgroup. This can lead to security issues in various situations, including the most commonly used ones: signature verification (ECDSA) and shared key negotiation (ECDH). 
When the victim computes the shared secret as `S = [victim_private_key]P` via ECDH, this leaks information about `victim_private_key mod (small_subgroup_order)`. For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA, it is easy to forge signatures on the small subgroup.\n\nOnly SECT curves are impacted by this.\n\n## Credit\n\nThis vulnerability was discovered by:\n- XlabAI Team of Tencent Xuanwu Lab\n- Atuin Automated Vulnerability Discovery Engine","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26007.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26007.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26007","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00691","published_at":"2026-04-13T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00708","published_at":"2026-04-07T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00707","published_at":"2026-04-08T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00697","published_at":"2026-04-11T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00944","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26007"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26007"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","s
coring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pyca/cryptography","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pyca/cryptography"},{"reference_url":"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:28:38Z/"}],"url":"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c"},{"reference_url":"https://github.com/pyca/cryptography/releases/tag/46.0.5","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pyca/cryptography/releases/tag/46.0.5"},{"reference_url":"https://github.com/pyca/cryptography/security/advisories/GHSA-r6p
h-v2qm-q3c2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:28:38Z/"}],"url":"https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26007","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26007"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/02/10/4","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/02/10/4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127926","reference_id":"1127926","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127926"},{"reference_url":"https://bugzilla.r
edhat.com/show_bug.cgi?id=2438762","reference_id":"2438762","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438762"},{"reference_url":"https://github.com/advisories/GHSA-r6ph-v2qm-q3c2","reference_id":"GHSA-r6ph-v2qm-q3c2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r6ph-v2qm-q3c2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2694","reference_id":"RHSA-2026:2694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5168","reference_id":"RHSA-2026:5168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5665","reference_id":"RHSA-2026:5665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6308","reference_id":"RHSA-2026:6308","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6308"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6309","reference_id":"RHSA-2026:6309","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6404","reference_id":"RHSA-2026:6404","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6404"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6497","reference_id":"RHSA-2026:6497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6567","reference_id":"RHSA-2026:6567","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6567"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6568","reference
_id":"RHSA-2026:6568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6568"},{"reference_url":"https://usn.ubuntu.com/8087-1/","reference_id":"USN-8087-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8087-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62920?format=json","purl":"pkg:pypi/cryptography@46.0.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@46.0.5"}],"aliases":["CVE-2026-26007","GHSA-r6ph-v2qm-q3c2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f44c-ygbw-bufn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14009?format=json","vulnerability_id":"VCID-hpev-apm4-sqfw","summary":"Null pointer dereference in PKCS12 parsing\nIssue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). 
However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0727.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0727.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-0727","reference_id":"","reference_type":"","scores":[{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46537","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46533","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46556","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46509","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46528","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46529","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46477","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-0727"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.ya
ml"},{"reference_url":"https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2"},{"reference_url":"https://github.com/github/advisory-database/pull/3472","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/github/advisory-database/pull/3472"},{"reference_url":"https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/"}],"url":"https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2"},{"reference_url":"https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/"}],"url":"https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a"},{"reference_url":"https://github.com/openssl/openssl/commit/d135e
eab8a5dbf72b3da5240bab9ddb7678dbd2c","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/"}],"url":"https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c"},{"reference_url":"https://github.com/openssl/openssl/pull/23362","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openssl/openssl/pull/23362"},{"reference_url":"https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d"},{"reference_url":"https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/"}],"url":"https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8"},{"reference_url":"https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539","reference_id":
"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/"}],"url":"https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-0727","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-0727"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240208-0006","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240208-0006"},{"reference_ur
l":"https://www.openssl.org/news/secadv/20240125.txt","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/"}],"url":"https://www.openssl.org/news/secadv/20240125.txt"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/03/11/1","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/03/11/1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061582","reference_id":"1061582","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061582"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2259944","reference_id":"2259944","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2259944"},{"reference_url":"https://github.com/advisories/GHSA-9v9h-cgj8-h64p","reference_id":"GHSA-9v9h-cgj8-h64p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9v9h-cgj8-h64p"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2447","reference_id":"RHSA-2024:2447","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9088","reference_id":"RHSA-2024:9088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9088"},{"reference_url":"https://usn.ubuntu.com/6622-1/","reference_id":"USN-6622-1","reference_type":"","scores":[],"url":"h
ttps://usn.ubuntu.com/6622-1/"},{"reference_url":"https://usn.ubuntu.com/6632-1/","reference_id":"USN-6632-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6632-1/"},{"reference_url":"https://usn.ubuntu.com/6709-1/","reference_id":"USN-6709-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6709-1/"},{"reference_url":"https://usn.ubuntu.com/7018-1/","reference_id":"USN-7018-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7018-1/"},{"reference_url":"https://usn.ubuntu.com/7894-1/","reference_id":"USN-7894-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7894-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44727?format=json","purl":"pkg:pypi/cryptography@42.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f44c-ygbw-bufn"},{"vulnerability":"VCID-g772-pn9e-7ufv"},{"vulnerability":"VCID-gqj1-zam7-c3bv"},{"vulnerability":"VCID-p5vx-kq3j-b3ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.2"}],"aliases":["CVE-2024-0727","GHSA-9v9h-cgj8-h64p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hpev-apm4-sqfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18589?format=json","vulnerability_id":"VCID-npaa-km8e-f3gs","summary":"pyca/cryptography's wheels include vulnerable OpenSSL\npyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.8-41.0.2 are vulnerable to several security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20230731.txt, https://www.openssl.org/news/secadv/20230719.txt, and https://www.openssl.org/news/secadv/20230714.txt.\n\nIf you are building cryptography source (\"sdist\") then you are responsible for upgrading your copy of OpenSSL. 
Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.","references":[{"reference_url":"https://github.com/pyca/cryptography","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pyca/cryptography"},{"reference_url":"https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d"},{"reference_url":"https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2"},{"reference_url":"https://www.openssl.org/news/secadv/20230714.txt","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openssl.org/news/secadv/20230714.txt"},{"reference_url":"https://www.openssl.org/news/secadv/20230719.txt","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openssl.org/news/secadv/20230719.txt"},{"reference_url":"https://www.openssl.org/news/secadv/20230731.txt","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openssl.org/news/secadv/20230731.txt"},{"reference_url":"https://github.com/advisories/GHSA-jm77-qphf-c4w8","reference_id":"GHSA-jm77-qphf-c4w8","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com
/advisories/GHSA-jm77-qphf-c4w8"},{"reference_url":"https://github.com/pyca/cryptography/security/advisories/GHSA-jm77-qphf-c4w8","reference_id":"GHSA-jm77-qphf-c4w8","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pyca/cryptography/security/advisories/GHSA-jm77-qphf-c4w8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41528?format=json","purl":"pkg:pypi/cryptography@41.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-48jq-1u5d-tkan"},{"vulnerability":"VCID-f44c-ygbw-bufn"},{"vulnerability":"VCID-g772-pn9e-7ufv"},{"vulnerability":"VCID-hpev-apm4-sqfw"},{"vulnerability":"VCID-p5vx-kq3j-b3ds"},{"vulnerability":"VCID-r78e-t88x-a3ed"},{"vulnerability":"VCID-x7vf-dyab-qbhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.3"}],"aliases":["GHSA-jm77-qphf-c4w8","GMS-2023-1898"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-npaa-km8e-f3gs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9949?format=json","vulnerability_id":"VCID-u4f5-k68d-wfd1","summary":"cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. 
This issue has been present since `update_into` was originally introduced in cryptography 1.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23931.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23931.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23931","reference_id":"","reference_type":"","scores":[{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74131","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74137","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74155","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74134","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74086","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74114","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74087","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74119","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23931"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/proj
ects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pyca/cryptography","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pyca/cryptography"},{"reference_url":"https://github.com/pyca/cryptography/commit/d6951dca25de45abd52da51b608055371fbcde4e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pyca/cryptography/commit/d6951dca25de45abd52da51b608055371fbcde4e"},{"reference_url":"https://github.com/pyca/cryptography/pull/8230","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pyca/cryptography/pull/8230"},{"reference_url":"https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:11Z/"}],"url":"https://github.com/pyca/cryptography/pull/
8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3"},{"reference_url":"https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:11Z/"}],"url":"https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-11.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-11.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00012.htm
l"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230324-0007","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230324-0007"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031049","reference_id":"1031049","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031049"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2171817","reference_id":"2171817","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2171817"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23931","reference_id":"CVE-2023-23931","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23931"},{"reference_url":"https://github.com/advisories/GHSA-w7pp-m8wf-vj6r","reference_id":"GHSA-w7pp-m8wf-vj6r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w7pp-m8wf-vj6r"},{"reference_url":"https://security.gentoo.org/glsa/202407-06","reference_id":"GLSA-202407-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4693","reference_id":"RHSA-2023:4693","reference_type":"","scores":[],"url":"https://access
.redhat.com/errata/RHSA-2023:4693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4971","reference_id":"RHSA-2023:4971","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4971"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6615","reference_id":"RHSA-2023:6615","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6615"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6793","reference_id":"RHSA-2023:6793","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6793"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7096","reference_id":"RHSA-2023:7096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7341","reference_id":"RHSA-2023:7341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2985","reference_id":"RHSA-2024:2985","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2985"},{"reference_url":"https://usn.ubuntu.com/6539-1/","reference_id":"USN-6539-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6539-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32007?format=json","purl":"pkg:pypi/cryptography@39.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-48jq-1u5d-tkan"},{"vulnerability":"VCID-4j5v-k162-tfgd"},{"vulnerability":"VCID-f44c-ygbw-bufn"},{"vulnerability":"VCID-g772-pn9e-7ufv"},{"vulnerability":"VCID-hpev-apm4-sqfw"},{"vulnerability":"VCID-npaa-km8e-f3gs"},{"vulnerability":"VCID-p5vx-kq3j-b3ds"},{"vulnerability":"VCID-r78e-t88x-a3ed"},{"vulnerability":"VCID-x7vf-dyab-qbhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@39.0.1"}],"aliases":["CVE-2023-23931","GHSA-w7pp-m8wf-vj6r","PY
SEC-2023-11"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u4f5-k68d-wfd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6241?format=json","vulnerability_id":"VCID-vmx8-tjg2-uuec","summary":"python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25659.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25659.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25659","reference_id":"","reference_type":"","scores":[{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48585","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48573","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.486","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48578","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48582","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48528","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48577","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48517","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48553","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25659"},{"reference_url":"ht
tps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25659","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25659"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-hggm-jpg3-v476","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hggm-jpg3-v476"},{"reference_url":"https://github.com/pyca/cryptography","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pyca/cryptography"},{"reference_url":"https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"
https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494"},{"reference_url":"https://github.com/pyca/cryptography/pull/5507","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pyca/cryptography/pull/5507"},{"reference_url":"https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b"},{"reference_url":"https://github.com/pyca/cryptography/security/advisories/GHSA-hggm-jpg3-v476","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pyca/cryptography/security/advisories/GHSA-hggm-jpg3-v476"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2021-62.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PY
SEC-2021-62.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25659","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25659"},{"reference_url":"https://pypi.org/project/cryptography","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pypi.org/project/cryptography"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://bugzilla.re
dhat.com/show_bug.cgi?id=1889988","reference_id":"1889988","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1889988"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973247","reference_id":"973247","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973247"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1608","reference_id":"RHSA-2021:1608","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1608"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2239","reference_id":"RHSA-2021:2239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2239"},{"reference_url":"https://usn.ubuntu.com/4613-1/","reference_id":"USN-4613-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4613-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14758?format=json","purl":"pkg:pypi/cryptography@3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-48jq-1u5d-tkan"},{"vulnerability":"VCID-4j5v-k162-tfgd"},{"vulnerability":"VCID-bjpd-6kh8-1bbs"},{"vulnerability":"VCID-f44c-ygbw-bufn"},{"vulnerability":"VCID-hpev-apm4-sqfw"},{"vulnerability":"VCID-npaa-km8e-f3gs"},{"vulnerability":"VCID-r78e-t88x-a3ed"},{"vulnerability":"VCID-u4f5-k68d-wfd1"},{"vulnerability":"VCID-vmx8-tjg2-uuec"},{"vulnerability":"VCID-x2wm-3tk7-wbbv"},{"vulnerability":"VCID-x7vf-dyab-qbhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/14759?format=json","purl":"pkg:pypi/cryptography@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-48jq-1u5d-tkan"},{"vulnerability":"VCID-4j5v-k162-tfgd"},{"vulnerability":"VCID-bjpd-6kh8-1bbs"},{"vulnerability":"VCID-f44c-ygbw-bufn"},{"vulnerability":"VCID-hpev-apm4-sqfw"},{"vulnerability":"VCID-npaa-km8e-f3gs"},{"vulnerability"
:"VCID-r78e-t88x-a3ed"},{"vulnerability":"VCID-u4f5-k68d-wfd1"},{"vulnerability":"VCID-x2wm-3tk7-wbbv"},{"vulnerability":"VCID-x7vf-dyab-qbhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@3.2.1"}],"aliases":["CVE-2020-25659","GHSA-hggm-jpg3-v476","PYSEC-2021-62"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vmx8-tjg2-uuec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16373?format=json","vulnerability_id":"VCID-x2wm-3tk7-wbbv","summary":"Access of Resource Using Incompatible Type ('Type Confusion')\nThere is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. 
As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0286.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0286.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0286","reference_id":"","reference_type":"","scores":[{"value":"0.88474","scoring_system":"epss","scoring_elements":"0.99496","published_at":"2026-04-04T12:55:00Z"},{"value":"0.88474","scoring_system":"epss","scoring_elements":"0.99495","published_at":"2026-04-02T12:55:00Z"},{"value":"0.88981","scoring_system":"epss","scoring_elements":"0.99526","published_at":"2026-04-13T12:55:00Z"},{"value":"0.88981","scoring_system":"epss","scoring_elements":"0.99525","published_at":"2026-04-11T12:55:00Z"},{"value":"0.89087","scoring_system":"epss","scoring_elements":"0.99528","published_at":"2026-04-07T12:55:00Z"},{"value":"0.89087","scoring_system":"epss","scoring_elements":"0.99529","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0286"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cve
name.cgi?name=CVE-2023-0215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286"},{"reference_url":"https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/"}],"url":"https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt"},{"reference_url":"https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/"}],"url":"https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pyca/cryptography","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","sc
oring_elements":""}],"url":"https://github.com/pyca/cryptography"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d"},{"reference_url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","sco
ring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2023-0006.html","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2023-0006.html"},{"reference_url":"https://security.gentoo.org/glsa/202402-08","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/"}],"url":"https://security.gentoo.org/glsa/202402-08"},{"reference_url":"https://www.openssl.org/news/secadv/20230207.txt","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/"}],"url":"https://www.openssl.org/news/secadv/20230207.txt"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164440","reference_id":"2164440","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164440"},{"reference_url":"https://access.redhat.com/security/cve/cve-2023-0286","reference_id":"CVE-2023-0286","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_
textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2023-0286"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0286","reference_id":"CVE-2023-0286","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0286"},{"reference_url":"https://github.com/advisories/GHSA-x4qr-2fvf-3mr5","reference_id":"GHSA-x4qr-2fvf-3mr5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x4qr-2fvf-3mr5"},{"reference_url":"https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5","reference_id":"GHSA-x4qr-2fvf-3mr5","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0946","reference_id":"RHSA-2023:0946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1199","reference_id":"RHSA-2023:1199","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1199"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1335","reference_id":"RHSA-2023:1335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1405","reference_id":"RHSA-2023:1405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1405"},{"reference_url
":"https://access.redhat.com/errata/RHSA-2023:1437","reference_id":"RHSA-2023:1437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1438","reference_id":"RHSA-2023:1438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1438"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1439","reference_id":"RHSA-2023:1439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1440","reference_id":"RHSA-2023:1440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1441","reference_id":"RHSA-2023:1441","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1441"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2022","reference_id":"RHSA-2023:2022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2165","reference_id":"RHSA-2023:2165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2932","reference_id":"RHSA-2023:2932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3354","reference_id":"RHSA-2023:3354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3355","reference_id":"RHSA-2023:3355","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3355"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3420","reference_id":"RHSA-2023:3420","reference_type":"","scores":[],"url
":"https://access.redhat.com/errata/RHSA-2023:3420"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3421","reference_id":"RHSA-2023:3421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4124","reference_id":"RHSA-2023:4124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4128","reference_id":"RHSA-2023:4128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4252","reference_id":"RHSA-2023:4252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5209","reference_id":"RHSA-2023:5209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5209"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5136","reference_id":"RHSA-2024:5136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5136"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6095","reference_id":"RHSA-2024:6095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7733","reference_id":"RHSA-2025:7733","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7733"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7895","reference_id":"RHSA-2025:7895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7937","reference_id":"RHSA-2025:7937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7937"},{"reference_url":"https://usn.ubuntu.com/5844-1/","reference_id":"U
SN-5844-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5844-1/"},{"reference_url":"https://usn.ubuntu.com/5845-1/","reference_id":"USN-5845-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5845-1/"},{"reference_url":"https://usn.ubuntu.com/5845-2/","reference_id":"USN-5845-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5845-2/"},{"reference_url":"https://usn.ubuntu.com/6564-1/","reference_id":"USN-6564-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6564-1/"},{"reference_url":"https://usn.ubuntu.com/7894-1/","reference_id":"USN-7894-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7894-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32007?format=json","purl":"pkg:pypi/cryptography@39.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-48jq-1u5d-tkan"},{"vulnerability":"VCID-4j5v-k162-tfgd"},{"vulnerability":"VCID-f44c-ygbw-bufn"},{"vulnerability":"VCID-g772-pn9e-7ufv"},{"vulnerability":"VCID-hpev-apm4-sqfw"},{"vulnerability":"VCID-npaa-km8e-f3gs"},{"vulnerability":"VCID-p5vx-kq3j-b3ds"},{"vulnerability":"VCID-r78e-t88x-a3ed"},{"vulnerability":"VCID-x7vf-dyab-qbhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@39.0.1"}],"aliases":["CVE-2023-0286","GHSA-x4qr-2fvf-3mr5"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x2wm-3tk7-wbbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15388?format=json","vulnerability_id":"VCID-x7vf-dyab-qbhq","summary":"Python Cryptography package vulnerable to Bleichenbacher timing oracle attack\nA flaw was found in the python-cryptography package. 
This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50782.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50782.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-50782","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-15T16:14:33Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-50782"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50782","reference_id":"","reference_type":"","scores":[{"value":"0.00855","scoring_system":"epss","scoring_elements":"0.74909","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00855","scoring_system":"epss","scoring_elements":"0.74946","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00855","scoring_system":"epss","scoring_elements":"0.74956","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00855","scoring_system":"epss","scoring_elements":"0.74977","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00855","scoring_system":"epss","scoring_elements":"0.74954","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00855","scoring_system":"epss","scoring_elements":"0.74942","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00855","scoring_system":"epss","scoring_elements":"0.74907","pub
lished_at":"2026-04-02T12:55:00Z"},{"value":"0.00855","scoring_system":"epss","scoring_elements":"0.74935","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50782"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254432","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-15T16:14:33Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50782","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50782"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pyca/cryptography","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pyca/cryptography"},{"reference_url":"https://github.com/pyca/cryptography/issues/9785","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1
/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pyca/cryptography/issues/9785"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50782","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50782"},{"reference_url":"https://www.couchbase.com/alerts","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.couchbase.com/alerts"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059308","reference_id":"1059308","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059308"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2","reference_id":"cpe:/a:redhat:ansible_automation_platform:2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhui:4::el8","reference_id":"cpe:/a:redhat:rhui:4::el8","reference_ty
pe":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhui:4::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6","reference_id":"cpe:/a:redhat:satellite:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://github.com/advisories/GHSA-3ww4-gg4f-jr7f","reference_id":"GHSA-3ww4-gg4f-jr7f","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3ww4-gg4f-jr7f"},{"reference_url":"https://usn.ubuntu.com/6673-1/","reference_id":"USN-6673-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6673-1/"},{"reference_url":"https://usn.ubuntu.com/6673-2/","reference_id":"USN-6673-2","reference_ty
pe":"","scores":[],"url":"https://usn.ubuntu.com/6673-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44725?format=json","purl":"pkg:pypi/cryptography@42.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f44c-ygbw-bufn"},{"vulnerability":"VCID-g772-pn9e-7ufv"},{"vulnerability":"VCID-gqj1-zam7-c3bv"},{"vulnerability":"VCID-hpev-apm4-sqfw"},{"vulnerability":"VCID-p5vx-kq3j-b3ds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.0"}],"aliases":["CVE-2023-50782","GHSA-3ww4-gg4f-jr7f"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x7vf-dyab-qbhq"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@2.0.3"}