HIGH 7.4 PyPI crates.io
GHSA-x4qr-2fvf-3mr5 · CVE-2023-0286, RUSTSEC-2023-0006 Vulnerable OpenSSL included in cryptography wheels
Modified: 2/4/2026
package
PyPI / cryptography
pkg:pypi/cryptography
MEDIUM PyPI
GHSA-39hc-v87j-747x Vulnerable OpenSSL included in cryptography wheels
Modified: 12/3/2024
HIGH 7.5 PyPI
GHSA-3ww4-gg4f-jr7f · CVE-2023-50782 Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
Modified: 2/28/2026
LOW PyPI
GHSA-5cpq-8wj7-hf2v Vulnerable OpenSSL included in cryptography wheels
Modified: 2/4/2026
HIGH 7.5 PyPI
GHSA-6vqw-3v5j-54x4 · CVE-2024-26130, PYSEC-2024-225 cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
Modified: 6/10/2026
LOW PyPI
GHSA-79v4-65xg-pq4g · CVE-2024-12797 Vulnerable OpenSSL included in cryptography wheels
Modified: 2/4/2026
MEDIUM 5.5 PyPI
GHSA-9v9h-cgj8-h64p · CVE-2024-0727 Null pointer dereference in PKCS12 parsing
Modified: 5/13/2026
HIGH 7.5 PyPI
GHSA-cf7p-gm2m-833m · CVE-2023-38325, PYSEC-2023-112 cryptography mishandles SSH certificates
Modified: 2/4/2026
HIGH 7.5 PyPI
GHSA-fcf9-3qw3-gxmj · CVE-2018-10903, PYSEC-2018-52 PyCA Cryptography vulnerable to GCM tag forgery
Modified: 9/13/2024
MEDIUM PyPI
GHSA-h4gh-qq45-vh27 pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels
Modified: 2/4/2026
MEDIUM 5.9 PyPI
GHSA-hggm-jpg3-v476 · CVE-2020-25659, PYSEC-2021-62 RSA decryption vulnerable to Bleichenbacher timing vulnerability
Modified: 11/24/2024
MEDIUM 5.9 PyPI
GHSA-jfhm-5ghh-2f97 · CVE-2023-49083, PYSEC-2023-254 cryptography vulnerable to NULL-dereference when loading PKCS7 certificates
Modified: 2/4/2026
LOW PyPI
GHSA-jm77-qphf-c4w8 pyca/cryptography's wheels include vulnerable OpenSSL
Modified: 2/4/2026
MEDIUM 5.3 PyPI
GHSA-m959-cc7f-wv43 · CVE-2026-34073, PYSEC-2026-35 cryptography has incomplete DNS name constraint enforcement on peer names
Modified: 6/5/2026
MEDIUM PyPI
GHSA-p423-j2cm-9vmq · CVE-2026-39892, PYSEC-2026-36 Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs
Modified: 6/5/2026
HIGH 7.5 PyPI
GHSA-q3cj-2r34-2cwc · CVE-2016-9243, PYSEC-2017-8 Improper input validation in cryptography
Modified: 9/13/2024
HIGH PyPI
GHSA-r6ph-v2qm-q3c2 · CVE-2026-26007 cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
Modified: 5/11/2026
CRITICAL 9.1 PyPI
GHSA-rhm9-p9w5-fwm7 · CVE-2020-36242, PYSEC-2021-63 PyCA Cryptography symmetrically encrypting large values can lead to integer overflow
Modified: 2/15/2025
LOW PyPI
GHSA-v8gr-m533-ghj9 Vulnerable OpenSSL included in cryptography wheels
Modified: 2/4/2026
MEDIUM 6.5 PyPI
GHSA-w7pp-m8wf-vj6r · CVE-2023-23931, PYSEC-2023-11 Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf
Modified: 3/30/2026
— PyPI
PYSEC-2017-8 · CVE-2016-9243, GHSA-q3cj-2r34-2cwc Modified: 11/8/2023
— PyPI
PYSEC-2018-52 · CVE-2018-10903, GHSA-fcf9-3qw3-gxmj Modified: 11/8/2023
— PyPI
PYSEC-2021-62 · CVE-2020-25659, GHSA-hggm-jpg3-v476 Modified: 11/8/2023
— PyPI
PYSEC-2021-63 · CVE-2020-36242, GHSA-rhm9-p9w5-fwm7 Modified: 11/8/2023
— PyPI
PYSEC-2023-11 · CVE-2023-23931, GHSA-w7pp-m8wf-vj6r Modified: 2/22/2026
— PyPI
PYSEC-2023-112 · CVE-2023-38325, GHSA-cf7p-gm2m-833m Modified: 6/10/2026
HIGH 7.5 PyPI
PYSEC-2023-254 · CVE-2023-49083, GHSA-jfhm-5ghh-2f97 Modified: 2/17/2024
HIGH 7.5 PyPI
PYSEC-2024-225 · CVE-2024-26130, GHSA-6vqw-3v5j-54x4 Modified: 6/10/2026
MEDIUM 5.3 PyPI
PYSEC-2026-35 · CVE-2026-34073, GHSA-m959-cc7f-wv43 Modified: 5/20/2026
CRITICAL 9.8 PyPI
PYSEC-2026-36 · CVE-2026-39892, GHSA-p423-j2cm-9vmq Modified: 5/20/2026