VulnerableCode Package Details - pkg:pypi/cryptography@0.2.1

Search for packages

Package details: pkg:pypi/cryptography@0.2.1

Essentials
History (10)

purl	pkg:pypi/cryptography@0.2.1

Next non-vulnerable version	44.0.1
Latest non-vulnerable version	44.0.1
Risk	4.0

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-asvq-g6rg-6fb6 Aliases: CVE-2023-50782 GHSA-3ww4-gg4f-jr7f	Python Cryptography package vulnerable to Bleichenbacher timing oracle attack A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.	42.0.0 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-fvfv-bp4e-bygg Aliases: CVE-2016-9243 GHSA-q3cj-2r34-2cwc PYSEC-2017-8	HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.	1.5.3 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-g16w-7n3v-a3em Aliases: CVE-2020-25659 GHSA-hggm-jpg3-v476 PYSEC-2021-62	python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.	3.2 Affected by 10 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.2.1 Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vyp9-gg98-wqdc Aliases: CVE-2024-0727 GHSA-9v9h-cgj8-h64p	Null pointer dereference in PKCS12 parsing Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.	42.0.2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T11:33:36.534305+00:00	GitLab Importer	Affected by	VCID-asvq-g6rg-6fb6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/CVE-2023-50782.yml	37.0.0
2025-08-01T11:31:54.223842+00:00	GitLab Importer	Affected by	VCID-vyp9-gg98-wqdc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/CVE-2024-0727.yml	37.0.0
2025-08-01T10:30:15.076661+00:00	GitLab Importer	Affected by	VCID-fvfv-bp4e-bygg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/CVE-2016-9243.yml	37.0.0
2025-08-01T09:44:17.125631+00:00	GitLab Importer	Affected by	VCID-g16w-7n3v-a3em	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/CVE-2020-25659.yml	37.0.0
2025-08-01T08:57:16.168427+00:00	GHSA Importer	Affected by	VCID-fvfv-bp4e-bygg	https://github.com/advisories/GHSA-q3cj-2r34-2cwc	37.0.0
2025-08-01T08:37:45.280206+00:00	PyPI Importer	Affected by	VCID-g16w-7n3v-a3em	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	37.0.0
2025-08-01T08:33:14.769753+00:00	PyPI Importer	Affected by	VCID-fvfv-bp4e-bygg	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	37.0.0
2025-08-01T08:24:11.865616+00:00	GHSA Importer	Affected by	VCID-g16w-7n3v-a3em	https://github.com/advisories/GHSA-hggm-jpg3-v476	37.0.0
2025-07-31T08:10:35.474737+00:00	Pypa Importer	Affected by	VCID-g16w-7n3v-a3em	https://github.com/pypa/advisory-database/blob/main/vulns/cryptography/PYSEC-2021-62.yaml	37.0.0
2025-07-31T08:06:17.256560+00:00	Pypa Importer	Affected by	VCID-fvfv-bp4e-bygg	https://github.com/pypa/advisory-database/blob/main/vulns/cryptography/PYSEC-2017-8.yaml	37.0.0