cryptography (pypi) security advisories

HIGH 7.5

PyPI

CVE-2024-26130

Feb 21, 2024

HIGH 7.5

PyPI

CVE-2024-26130

cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override

Feb 21, 2024

UNKNOWN

PyPI

CVE-2023-38325

Jul 14, 2023

UNKNOWN

PyPI

CVE-2026-39892

Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs

Apr 8, 2026

MEDIUM 5.3

PyPI

CVE-2026-34073

cryptography has incomplete DNS name constraint enforcement on peer names

Mar 27, 2026

CRITICAL 9.8

PyPI

CVE-2026-39892

Apr 8, 2026

MEDIUM 5.3

PyPI

CVE-2026-34073

Mar 31, 2026

MEDIUM 5.5

PyPI

CVE-2024-0727

Null pointer dereference in PKCS12 parsing

Jan 26, 2024

UNKNOWN

PyPI

CVE-2026-26007

cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

Feb 10, 2026

MEDIUM 6.5

PyPI

CVE-2023-23931

Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf

Feb 7, 2023

HIGH 7.5

PyPI

CVE-2023-50782

Python Cryptography package vulnerable to Bleichenbacher timing oracle attack

Feb 5, 2024

UNKNOWN

PyPI

CVE-2023-23931

Feb 7, 2023

UNKNOWN

PyPI

GHSA-v8gr-m533-ghj9

Vulnerable OpenSSL included in cryptography wheels

Sep 21, 2023

UNKNOWN

PyPI

GHSA-jm77-qphf-c4w8

pyca/cryptography's wheels include vulnerable OpenSSL

Aug 1, 2023

MEDIUM 5.9

PyPI

CVE-2023-49083

cryptography vulnerable to NULL-dereference when loading PKCS7 certificates

Nov 28, 2023

HIGH 7.4

PyPI

CVE-2023-0286

Vulnerable OpenSSL included in cryptography wheels

Feb 8, 2023

HIGH 7.5

PyPI

CVE-2023-38325

cryptography mishandles SSH certificates

Jul 14, 2023

UNKNOWN

PyPI

CVE-2024-12797

Vulnerable OpenSSL included in cryptography wheels

Feb 11, 2025

UNKNOWN

PyPI

GHSA-h4gh-qq45-vh27

pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels

Sep 3, 2024

UNKNOWN

PyPI

GHSA-5cpq-8wj7-hf2v

Vulnerable OpenSSL included in cryptography wheels

Jun 2, 2023

CRITICAL 9.1

PyPI

CVE-2020-36242

PyCA Cryptography symmetrically encrypting large values can lead to integer overflow

Feb 10, 2021

UNKNOWN

PyPI

GHSA-39hc-v87j-747x

Vulnerable OpenSSL included in cryptography wheels

Nov 2, 2022

MEDIUM 5.9

PyPI

CVE-2020-25659

RSA decryption vulnerable to Bleichenbacher timing vulnerability

Oct 27, 2020

HIGH 7.5

PyPI

CVE-2016-9243

Improper input validation in cryptography

May 17, 2022

HIGH 7.5

PyPI

CVE-2018-10903

PyCA Cryptography vulnerable to GCM tag forgery

Jul 31, 2018

HIGH 7.5

PyPI

CVE-2023-49083

Nov 29, 2023

UNKNOWN

PyPI

CVE-2020-36242

Feb 7, 2021

UNKNOWN

PyPI

CVE-2020-25659

Jan 11, 2021

UNKNOWN

PyPI

CVE-2018-10903

Jul 30, 2018

UNKNOWN

PyPI

CVE-2016-9243

Mar 27, 2017

cryptography

Vulnerabilities

CVE-2024-26130

cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override

CVE-2023-38325

Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs

cryptography has incomplete DNS name constraint enforcement on peer names

CVE-2026-39892

CVE-2026-34073

Null pointer dereference in PKCS12 parsing

cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf

Python Cryptography package vulnerable to Bleichenbacher timing oracle attack

CVE-2023-23931

Vulnerable OpenSSL included in cryptography wheels

pyca/cryptography's wheels include vulnerable OpenSSL

cryptography vulnerable to NULL-dereference when loading PKCS7 certificates

Vulnerable OpenSSL included in cryptography wheels

cryptography mishandles SSH certificates

Vulnerable OpenSSL included in cryptography wheels

pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels

Vulnerable OpenSSL included in cryptography wheels

PyCA Cryptography symmetrically encrypting large values can lead to integer overflow

Vulnerable OpenSSL included in cryptography wheels

RSA decryption vulnerable to Bleichenbacher timing vulnerability

Improper input validation in cryptography

PyCA Cryptography vulnerable to GCM tag forgery

CVE-2023-49083

CVE-2020-36242

CVE-2020-25659

CVE-2018-10903

CVE-2016-9243

Start Securing