Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-z9ad-ts2t-1bdj

Summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.

Aliases

alias	CVE-2026-39892

alias	GHSA-p423-j2cm-9vmq

alias	PYSEC-2026-36

Fixed_packages

url	pkg:pypi/cryptography@46.0.7
purl	pkg:pypi/cryptography@46.0.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@46.0.7

Affected_packages

url pkg:pypi/cryptography@45.0.0

purl pkg:pypi/cryptography@45.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-z9ad-ts2t-1bdj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@45.0.0

url pkg:pypi/cryptography@45.0.1

purl pkg:pypi/cryptography@45.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-z9ad-ts2t-1bdj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@45.0.1

url pkg:pypi/cryptography@45.0.2

purl pkg:pypi/cryptography@45.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-z9ad-ts2t-1bdj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@45.0.2

url pkg:pypi/cryptography@45.0.3

purl pkg:pypi/cryptography@45.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-z9ad-ts2t-1bdj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@45.0.3

url pkg:pypi/cryptography@45.0.4

purl pkg:pypi/cryptography@45.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-z9ad-ts2t-1bdj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@45.0.4

url pkg:pypi/cryptography@45.0.5

purl pkg:pypi/cryptography@45.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-z9ad-ts2t-1bdj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@45.0.5

url pkg:pypi/cryptography@45.0.6

purl pkg:pypi/cryptography@45.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-z9ad-ts2t-1bdj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@45.0.6

url pkg:pypi/cryptography@45.0.7

purl pkg:pypi/cryptography@45.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-z9ad-ts2t-1bdj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@45.0.7

url pkg:pypi/cryptography@46.0.0

purl pkg:pypi/cryptography@46.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-z9ad-ts2t-1bdj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@46.0.0

url pkg:pypi/cryptography@46.0.1

purl pkg:pypi/cryptography@46.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-z9ad-ts2t-1bdj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@46.0.1

url pkg:pypi/cryptography@46.0.2

purl pkg:pypi/cryptography@46.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-z9ad-ts2t-1bdj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@46.0.2

url pkg:pypi/cryptography@46.0.3

purl pkg:pypi/cryptography@46.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-z9ad-ts2t-1bdj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@46.0.3

url pkg:pypi/cryptography@46.0.4

purl pkg:pypi/cryptography@46.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-z9ad-ts2t-1bdj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@46.0.4

url pkg:pypi/cryptography@46.0.5

purl pkg:pypi/cryptography@46.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-z9ad-ts2t-1bdj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@46.0.5

url pkg:pypi/cryptography@46.0.6

purl pkg:pypi/cryptography@46.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-z9ad-ts2t-1bdj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@46.0.6

References

reference_url

https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq

reference_url

http://www.openwall.com/lists/oss-security/2026/04/08/12

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

http://www.openwall.com/lists/oss-security/2026/04/08/12

Weaknesses

Exploits

Severity_range_score 9.8 - 9.8

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z9ad-ts2t-1bdj

Vulnerability Instance