Search for packages
| purl | pkg:pypi/paramiko@1.3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3nbs-d4je-67fb
Aliases: CVE-2018-7750 GHSA-232r-66cg-79px PYSEC-2018-19 |
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-mdkv-a82q-mke5
Aliases: CVE-2008-0299 GHSA-wqmm-q65g-2hqr PYSEC-2008-8 |
common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool. |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-08-01T10:21:33.498223+00:00 | GitLab Importer | Affected by | VCID-mdkv-a82q-mke5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/paramiko/CVE-2008-0299.yml | 37.0.0 |
| 2025-08-01T09:12:49.870114+00:00 | GitLab Importer | Affected by | VCID-3nbs-d4je-67fb | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/paramiko/CVE-2018-7750.yml | 37.0.0 |
| 2025-08-01T08:01:34.964524+00:00 | GHSA Importer | Affected by | VCID-3nbs-d4je-67fb | https://github.com/advisories/GHSA-232r-66cg-79px | 37.0.0 |