VulnerableCode Package Details - pkg:pypi/cryptography@42.0.4

Search for packages

Vulnerability	Summary	Fixed by
VCID-fa2w-8q46-1fcb Aliases: GHSA-h4gh-qq45-vh27	pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels	43.0.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-ypp8-vqu8-f7en Aliases: CVE-2024-12797 GHSA-79v4-65xg-pq4g	openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected	44.0.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-fa2w-8q46-1fcb
Aliases:
GHSA-h4gh-qq45-vh27

pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels

43.0.1
Affected by 1 other vulnerability.

VCID-ypp8-vqu8-f7en
Aliases:
CVE-2024-12797
GHSA-79v4-65xg-pq4g

openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected

44.0.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-wmwm-snjw-aaam	cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.	CGA-f4qg-9fw4-8247 CVE-2024-26130 GHSA-6vqw-3v5j-54x4 PYSEC-2024-225

Vulnerability

Summary

Aliases

VCID-wmwm-snjw-aaam

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.

CGA-f4qg-9fw4-8247
CVE-2024-26130
GHSA-6vqw-3v5j-54x4
PYSEC-2024-225

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T17:16:28.194697+00:00	GitLab Importer	Affected by	VCID-ypp8-vqu8-f7en	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/CVE-2024-12797.yml	36.1.3
2025-06-20T17:07:22.204763+00:00	GitLab Importer	Affected by	VCID-fa2w-8q46-1fcb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/GHSA-h4gh-qq45-vh27.yml	36.1.3
2025-06-03T23:51:41.781931+00:00	GitLab Importer	Affected by	VCID-ypp8-vqu8-f7en	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/CVE-2024-12797.yml	36.1.0
2025-06-03T23:43:28.359742+00:00	GitLab Importer	Affected by	VCID-fa2w-8q46-1fcb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/GHSA-h4gh-qq45-vh27.yml	36.1.0
2025-06-02T23:50:30.442879+00:00	GitLab Importer	Affected by	VCID-ypp8-vqu8-f7en	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/CVE-2024-12797.yml	36.1.2
2025-06-02T23:41:47.787995+00:00	GitLab Importer	Affected by	VCID-fa2w-8q46-1fcb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/GHSA-h4gh-qq45-vh27.yml	36.1.2
2025-04-04T11:32:36.750546+00:00	GithubOSV Importer	Fixing	VCID-wmwm-snjw-aaam	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-6vqw-3v5j-54x4/GHSA-6vqw-3v5j-54x4.json	36.0.0
2025-04-03T22:41:32.919745+00:00	GitLab Importer	Affected by	VCID-ypp8-vqu8-f7en	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/CVE-2024-12797.yml	36.0.0
2025-04-03T22:22:28.722096+00:00	GitLab Importer	Affected by	VCID-fa2w-8q46-1fcb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/GHSA-h4gh-qq45-vh27.yml	36.0.0
2025-03-29T10:49:56.756045+00:00	GHSA Importer	Fixing	VCID-wmwm-snjw-aaam	https://github.com/advisories/GHSA-6vqw-3v5j-54x4	36.0.0
2025-03-28T22:57:42.648399+00:00	PyPI Importer	Fixing	VCID-wmwm-snjw-aaam	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	36.0.0
2025-03-28T16:49:18.187844+00:00	GitLab Importer	Fixing	VCID-wmwm-snjw-aaam	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/CVE-2024-26130.yml	36.0.0
2025-03-28T15:58:50.328824+00:00	Pypa Importer	Fixing	VCID-wmwm-snjw-aaam	https://github.com/pypa/advisory-database/blob/main/vulns/cryptography/PYSEC-2024-225.yaml	36.0.0
2025-02-18T01:11:50.168889+00:00	GitLab Importer	Affected by	VCID-fa2w-8q46-1fcb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/GHSA-h4gh-qq45-vh27.yml	35.1.0
2024-11-20T23:34:10.058228+00:00	GitLab Importer	Affected by	VCID-fa2w-8q46-1fcb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/GHSA-h4gh-qq45-vh27.yml	35.0.0
2024-11-18T23:23:05.842272+00:00	GitLab Importer	Affected by	VCID-fa2w-8q46-1fcb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/GHSA-h4gh-qq45-vh27.yml	34.3.2
2024-10-15T19:22:02.878552+00:00	GithubOSV Importer	Fixing	VCID-wmwm-snjw-aaam	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-6vqw-3v5j-54x4/GHSA-6vqw-3v5j-54x4.json	34.0.2
2024-10-08T00:19:52.672192+00:00	GitLab Importer	Affected by	VCID-fa2w-8q46-1fcb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/GHSA-h4gh-qq45-vh27.yml	34.0.2
2024-10-07T22:06:48.569355+00:00	GHSA Importer	Fixing	VCID-wmwm-snjw-aaam	https://github.com/advisories/GHSA-6vqw-3v5j-54x4	34.0.2
2024-10-07T16:15:43.768773+00:00	GHSA Importer	Affected by	VCID-fa2w-8q46-1fcb	https://github.com/advisories/GHSA-h4gh-qq45-vh27	34.0.2
2024-10-07T01:49:15.926892+00:00	GitLab Importer	Affected by	VCID-fa2w-8q46-1fcb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/GHSA-h4gh-qq45-vh27.yml	34.0.1
2024-09-22T16:40:12.964720+00:00	GHSA Importer	Affected by	VCID-fa2w-8q46-1fcb	https://github.com/advisories/GHSA-h4gh-qq45-vh27	34.0.1
2024-09-18T09:18:41.971482+00:00	GithubOSV Importer	Fixing	VCID-wmwm-snjw-aaam	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-6vqw-3v5j-54x4/GHSA-6vqw-3v5j-54x4.json	34.0.1
2024-09-17T22:27:13.930171+00:00	GitLab Importer	Fixing	VCID-wmwm-snjw-aaam	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/CVE-2024-26130.yml	34.0.1
2024-09-17T22:13:19.792242+00:00	GHSA Importer	Fixing	VCID-wmwm-snjw-aaam	https://github.com/advisories/GHSA-6vqw-3v5j-54x4	34.0.1
2024-04-23T23:12:48.847399+00:00	GithubOSV Importer	Fixing	VCID-wmwm-snjw-aaam	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-6vqw-3v5j-54x4/GHSA-6vqw-3v5j-54x4.json	34.0.0rc4
2024-04-23T17:43:03.922486+00:00	GitLab Importer	Fixing	VCID-wmwm-snjw-aaam	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/CVE-2024-26130.yml	34.0.0rc4
2024-04-23T17:41:25.328817+00:00	GHSA Importer	Fixing	VCID-wmwm-snjw-aaam	https://github.com/advisories/GHSA-6vqw-3v5j-54x4	34.0.0rc4