Vulnerable OpenSSL included in cryptography wheels

GHSA-5cpq-8wj7-hf2v

Published Jun 2, 2023 · Modified Feb 4, 2026

Description

pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.5-40.0.2 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://www.openssl.org/news/secadv/20230530.txt.

If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.

References

WEB https://github.com/pyca/cryptography/security/advisories/GHSA-5cpq-8wj7-hf2v
WEB https://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22
WEB https://cryptography.io/en/latest/changelog/#v41-0-0
PACKAGE https://github.com/pyca/cryptography

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes