CRITICAL 9.4 PyPI
GHSA-4jqp-9qjv-57m2 · CVE-2026-1709, PYSEC-2026-74 Keylime Missing Authentication for Critical Function and Improper Authentication
Modified: 5/20/2026
package
PyPI / keylime
pkg:pypi/keylime
MEDIUM 4.3 PyPI
GHSA-9jxq-5x44-gx23 · CVE-2025-1057 Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0
Modified: 3/15/2025
MEDIUM 6.5 PyPI
GHSA-f4r5-q63f-gcww · CVE-2023-38201, PYSEC-2023-160 Keylime registrar and (untrusted) Agent can be bypassed by an attacker
Modified: 2/4/2026
LOW 2.3 PyPI
GHSA-g4wg-cfpf-9689 · CVE-2023-3674, PYSEC-2023-128 keylime fails to flag device as untrusted when signature does not validate
Modified: 2/15/2025
MEDIUM 5.1 PyPI
GHSA-hff2-x2j9-gxgv · CVE-2022-3500, PYSEC-2022-42995 Keylime: unhandled exceptions could lead to invalid attestation states
Modified: 4/29/2025
CRITICAL 9.1 PyPI
GHSA-jf66-3q76-h5p5 · CVE-2022-1053, PYSEC-2022-184 Tenant and Verifier might not use the same registrar data
Modified: 5/5/2026
HIGH 7.5 PyPI
GHSA-pg75-v6fp-8q59 · CVE-2023-38200 Keylime's registrar vulnerable to Denial-of-service attack via a single open connection
Modified: 2/14/2025
MEDIUM 6.3 PyPI
GHSA-q8w6-w55c-ccv5 · CVE-2026-6420 Keylime has a hardcoded attestation challenge nonce that allows replay attacks
Modified: 5/11/2026
HIGH 8.2 PyPI
GHSA-xh5w-g8gq-r3v9 · CVE-2025-13609, PYSEC-2025-77 Keylime allows users to register new agents by recycling existing UUIDs when using different TPM devices
Modified: 5/29/2026
— PyPI
PYSEC-2022-184 · CVE-2022-1053, GHSA-jf66-3q76-h5p5 Modified: 5/5/2026
— PyPI
PYSEC-2022-42995 · CVE-2022-3500, GHSA-hff2-x2j9-gxgv Modified: 11/8/2023
LOW 2.8 PyPI
PYSEC-2023-128 · CVE-2023-3674, GHSA-g4wg-cfpf-9689 Modified: 11/8/2023
MEDIUM 6.5 PyPI
PYSEC-2023-160 · CVE-2023-38201, GHSA-f4r5-q63f-gcww Modified: 11/8/2023
HIGH 8.2 PyPI
PYSEC-2025-77 · CVE-2025-13609, GHSA-xh5w-g8gq-r3v9 Modified: 5/19/2026
CRITICAL 9.8 PyPI
PYSEC-2026-74 · CVE-2026-1709, GHSA-4jqp-9qjv-57m2 Modified: 5/20/2026