Search for packages
Package details: pkg:pypi/cryptography@1.5.3
purl pkg:pypi/cryptography@1.5.3
Next non-vulnerable version 44.0.1
Latest non-vulnerable version 44.0.1
Risk 10.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-asvq-g6rg-6fb6
Aliases:
CVE-2023-50782
GHSA-3ww4-gg4f-jr7f
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
42.0.0
Affected by 4 other vulnerabilities.
VCID-avpj-snvy-8ucj
Aliases:
CVE-2023-0286
GHSA-x4qr-2fvf-3mr5
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.
39.0.1
Affected by 8 other vulnerabilities.
VCID-g16w-7n3v-a3em
Aliases:
CVE-2020-25659
GHSA-hggm-jpg3-v476
PYSEC-2021-62
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
3.2
Affected by 10 other vulnerabilities.
3.2.1
Affected by 9 other vulnerabilities.
VCID-p92j-hr4h-ffab
Aliases:
GHSA-5cpq-8wj7-hf2v
GMS-2023-1778
Vulnerable OpenSSL included in cryptography wheels pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.5-40.0.2 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://www.openssl.org/news/secadv/20230530.txt. If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.
41.0.0
Affected by 8 other vulnerabilities.
VCID-vyp9-gg98-wqdc
Aliases:
CVE-2024-0727
GHSA-9v9h-cgj8-h64p
Null pointer dereference in PKCS12 parsing Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.
42.0.2
Affected by 3 other vulnerabilities.
VCID-zgw3-pac5-8ff4
Aliases:
GHSA-jm77-qphf-c4w8
GMS-2023-1898
pyca/cryptography's wheels include vulnerable OpenSSL pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.8-41.0.2 are vulnerable to several security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20230731.txt, https://www.openssl.org/news/secadv/20230719.txt, and https://www.openssl.org/news/secadv/20230714.txt. If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.
41.0.3
Affected by 6 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-fvfv-bp4e-bygg HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. CVE-2016-9243
GHSA-q3cj-2r34-2cwc
PYSEC-2017-8

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-01T11:33:36.721479+00:00 GitLab Importer Affected by VCID-asvq-g6rg-6fb6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/CVE-2023-50782.yml 37.0.0
2025-08-01T11:31:54.409398+00:00 GitLab Importer Affected by VCID-vyp9-gg98-wqdc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/CVE-2024-0727.yml 37.0.0
2025-08-01T11:16:29.457917+00:00 GitLab Importer Affected by VCID-zgw3-pac5-8ff4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/GMS-2023-1898.yml 37.0.0
2025-08-01T11:10:41.618787+00:00 GitLab Importer Affected by VCID-p92j-hr4h-ffab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/GMS-2023-1778.yml 37.0.0
2025-08-01T11:00:17.677105+00:00 GitLab Importer Affected by VCID-avpj-snvy-8ucj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/CVE-2023-0286.yml 37.0.0
2025-08-01T10:30:15.241236+00:00 GitLab Importer Fixing VCID-fvfv-bp4e-bygg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/CVE-2016-9243.yml 37.0.0
2025-08-01T09:44:17.289726+00:00 GitLab Importer Affected by VCID-g16w-7n3v-a3em https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/CVE-2020-25659.yml 37.0.0
2025-08-01T08:57:16.350992+00:00 GHSA Importer Fixing VCID-fvfv-bp4e-bygg https://github.com/advisories/GHSA-q3cj-2r34-2cwc 37.0.0
2025-08-01T08:37:45.448092+00:00 PyPI Importer Affected by VCID-g16w-7n3v-a3em https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 37.0.0
2025-08-01T08:33:14.935106+00:00 PyPI Importer Fixing VCID-fvfv-bp4e-bygg https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 37.0.0
2025-08-01T08:24:12.048117+00:00 GHSA Importer Affected by VCID-g16w-7n3v-a3em https://github.com/advisories/GHSA-hggm-jpg3-v476 37.0.0
2025-07-31T09:05:48.667560+00:00 GithubOSV Importer Fixing VCID-fvfv-bp4e-bygg https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q3cj-2r34-2cwc/GHSA-q3cj-2r34-2cwc.json 37.0.0
2025-07-31T08:10:35.556854+00:00 Pypa Importer Affected by VCID-g16w-7n3v-a3em https://github.com/pypa/advisory-database/blob/main/vulns/cryptography/PYSEC-2021-62.yaml 37.0.0
2025-07-31T08:06:17.465860+00:00 Pypa Importer Fixing VCID-fvfv-bp4e-bygg https://github.com/pypa/advisory-database/blob/main/vulns/cryptography/PYSEC-2017-8.yaml 37.0.0