VulnerableCode Package Details - pkg:pypi/pyopenssl@26.0.0

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-dt7c-fvqj-2bek	pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback If a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Unhandled exceptions now result in rejecting the connection. Credit to Leury Castillo for reporting this issue.	CVE-2026-27448 GHSA-vp96-hxj8-p424
VCID-mt1s-vhfk-5bda	pyOpenSSL DTLS cookie callback buffer overflow If a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Cookie values that are too long are now rejected.	CVE-2026-27459 GHSA-5pwr-322w-8jr4

Vulnerability

Summary

Aliases

VCID-dt7c-fvqj-2bek

pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback If a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Unhandled exceptions now result in rejecting the connection. Credit to **Leury Castillo** for reporting this issue.

CVE-2026-27448
GHSA-vp96-hxj8-p424

VCID-mt1s-vhfk-5bda

pyOpenSSL DTLS cookie callback buffer overflow If a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Cookie values that are too long are now rejected.

CVE-2026-27459
GHSA-5pwr-322w-8jr4

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-06T16:31:08.016012+00:00	GitLab Importer	Fixing	VCID-dt7c-fvqj-2bek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyOpenSSL/CVE-2026-27448.yml	38.6.0
2026-05-06T16:31:04.843415+00:00	GitLab Importer	Fixing	VCID-mt1s-vhfk-5bda	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyOpenSSL/CVE-2026-27459.yml	38.6.0
2026-04-29T23:25:47.722074+00:00	GitLab Importer	Fixing	VCID-dt7c-fvqj-2bek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyOpenSSL/CVE-2026-27448.yml	38.5.0
2026-04-29T23:25:44.767855+00:00	GitLab Importer	Fixing	VCID-mt1s-vhfk-5bda	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyOpenSSL/CVE-2026-27459.yml	38.5.0
2026-04-18T04:14:53.594479+00:00	GitLab Importer	Fixing	VCID-dt7c-fvqj-2bek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyOpenSSL/CVE-2026-27448.yml	38.4.0
2026-04-18T04:14:53.342477+00:00	GitLab Importer	Fixing	VCID-mt1s-vhfk-5bda	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyOpenSSL/CVE-2026-27459.yml	38.4.0
2026-04-02T17:01:09.108032+00:00	GHSA Importer	Fixing	VCID-mt1s-vhfk-5bda	https://github.com/advisories/GHSA-5pwr-322w-8jr4	38.1.0
2026-04-02T17:01:08.677307+00:00	GHSA Importer	Fixing	VCID-dt7c-fvqj-2bek	https://github.com/advisories/GHSA-vp96-hxj8-p424	38.1.0
2026-04-01T12:54:10.503781+00:00	GithubOSV Importer	Fixing	VCID-dt7c-fvqj-2bek	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-vp96-hxj8-p424/GHSA-vp96-hxj8-p424.json	38.0.0
2026-04-01T12:53:50.732104+00:00	GithubOSV Importer	Fixing	VCID-mt1s-vhfk-5bda	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-5pwr-322w-8jr4/GHSA-5pwr-322w-8jr4.json	38.0.0