HIGH 7.4 PyPI crates.io
GHSA-x4qr-2fvf-3mr5 · CVE-2023-0286, RUSTSEC-2023-0006 Vulnerable OpenSSL included in cryptography wheels
Modified: 2/4/2026
package
crates.io / openssl-src
pkg:crates.io/openssl-src
HIGH 7.5 crates.io
GHSA-29xx-hcv2-c4cp · CVE-2023-0216, RUSTSEC-2023-0011 openssl-src subject to Invalid pointer dereference in `d2i_PKCS7` functions
Modified: 2/4/2026
HIGH 7.5 crates.io
GHSA-3wx7-46ch-7rq2 · CVE-2022-2097, RUSTSEC-2022-0032 AES OCB fails to encrypt some bytes
Modified: 2/4/2026
HIGH 7.5 crates.io
GHSA-4f63-89w9-3jjv · CVE-2022-3358, RUSTSEC-2022-0059 Using a Custom Cipher with `NID_undef` may lead to NULL encryption
Modified: 2/4/2026
CRITICAL 9.8 crates.io
GHSA-5ww6-px42-wc85 · CVE-2021-3711, RUSTSEC-2021-0097 SM2 Decryption Buffer Overflow
Modified: 6/24/2024
MEDIUM 5.9 crates.io
GHSA-638m-m8mh-7gw2 · CVE-2022-1434, RUSTSEC-2022-0026 Incorrect MAC key used in the RC4-MD5 ciphersuite
Modified: 2/4/2026
CRITICAL 9.8 crates.io
GHSA-735f-pg76-fxc4 · CVE-2022-2274, RUSTSEC-2022-0033 openssl-src heap memory corruption with RSA private key operation
Modified: 11/8/2023
MEDIUM 5.9 crates.io
GHSA-83mx-573x-5rw9 · BIT-node-2021-3449, BIT-node-min-2021-3449 openssl-src NULL pointer Dereference in signature_algorithms processing
Modified: 12/16/2024
MEDIUM 5.9 crates.io
GHSA-84rm-qf37-fgc2 · CVE-2021-23841, RUSTSEC-2021-0058 Integer Overflow in openssl-src
Modified: 11/8/2023
HIGH 7.4 crates.io
GHSA-8hfj-xrj2-pm22 · BIT-node-2021-3450, BIT-node-min-2021-3450 Certificate check bypass in openssl-src
Modified: 12/16/2024
CRITICAL 9.8 crates.io
GHSA-8rwr-x37p-mx23 · BIT-node-2022-3602, BIT-node-min-2022-3602 X.509 Email Address 4-byte Buffer Overflow
Modified: 2/4/2026
HIGH 7.5 crates.io
GHSA-g323-fr93-4j3c · CVE-2022-1473, RUSTSEC-2022-0025 Resource leakage when decoding certificates and keys
Modified: 2/4/2026
HIGH 7.5 crates.io
GHSA-h8jm-2x53-xhp5 · BIT-node-2022-3786, BIT-node-min-2022-3786 X.509 Email Address Variable Length Buffer Overflow
Modified: 2/4/2026
HIGH 7.5 crates.io
GHSA-jq65-29v4-4x35 · CVE-2020-1967, RUSTSEC-2020-0015 Null pointer deference in openssl-src
Modified: 2/4/2026
MEDIUM 5.3 crates.io
GHSA-mfm6-r9g2-q4r7 · CVE-2022-1343, RUSTSEC-2022-0027 `OCSP_basic_verify` may incorrectly verify the response signing certificate
Modified: 2/4/2026
HIGH 7.5 crates.io
GHSA-mmjf-f5jw-w72q · BIT-node-2021-4044, BIT-node-min-2021-4044 Invalid handling of `X509_verify_cert()` internal errors in libssl
Modified: 12/16/2024
MEDIUM 5.9 crates.io
GHSA-p52g-cm5j-mjv4 · CVE-2022-4304, RUSTSEC-2023-0007 openssl-src subject to Timing Oracle in RSA Decryption
Modified: 2/4/2026
HIGH 7.4 crates.io
GHSA-q9wj-f4qw-6vfj · CVE-2021-3712, RUSTSEC-2021-0098 Read buffer overruns processing ASN.1 strings
Modified: 5/5/2026
HIGH 7.5 crates.io
GHSA-qgm6-9472-pwq7 · BIT-node-2021-23840, BIT-node-min-2021-23840 Integer Overflow in openssl-src
Modified: 12/16/2024
HIGH 7.5 crates.io
GHSA-r7jw-wp68-3xch · CVE-2023-0215, RUSTSEC-2023-0009 openssl-src vulnerable to Use-after-free following `BIO_new_NDEF`
Modified: 2/4/2026
HIGH 7.5 crates.io
GHSA-v5w6-wcm8-jm4q · CVE-2022-4450, RUSTSEC-2023-0010 openssl-src contains Double free after calling `PEM_read_bio_ex`
Modified: 2/4/2026
HIGH 7.5 crates.io
GHSA-vr8j-hgmm-jh9r · CVE-2022-3996 Denial of service by double-checked locking in openssl-src
Modified: 2/4/2026
HIGH 7.5 crates.io
GHSA-vrh7-x64v-7vxq · CVE-2023-0401, RUSTSEC-2023-0013 openssl-src contains `NULL` dereference during PKCS7 data verification
Modified: 2/4/2026
HIGH 7.5 crates.io
GHSA-vxrh-cpg7-8vjr · CVE-2023-0217, RUSTSEC-2023-0012 openssl-src subject to NULL dereference validating DSA public key
Modified: 2/4/2026
CRITICAL 9.1 crates.io
GHSA-w67w-mw4j-8qrv · CVE-2022-4203, RUSTSEC-2023-0008 openssl-src contains Read Buffer Overflow in X.509 Name Constraint
Modified: 2/4/2026
HIGH 7.5 crates.io
GHSA-x3mh-jvjw-3xwx · BIT-mariadb-2022-0778, BIT-mariadb-min-2022-0778 openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificates
Modified: 2/4/2026
HIGH 7.5 crates.io
RUSTSEC-2020-0015 · CVE-2020-1967, GHSA-jq65-29v4-4x35 Crash causing Denial of Service attack
Modified: 7/15/2024
MEDIUM 5.9 crates.io
RUSTSEC-2021-0055 · BIT-node-2021-3449, BIT-node-min-2021-3449 NULL pointer deref in signature_algorithms processing
Modified: 12/16/2024
HIGH 7.4 crates.io
RUSTSEC-2021-0056 · BIT-node-2021-3450, BIT-node-min-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT
Modified: 12/16/2024
HIGH 7.5 crates.io
RUSTSEC-2021-0057 · BIT-node-2021-23840, BIT-node-min-2021-23840 Integer overflow in CipherUpdate
Modified: 12/16/2024
MEDIUM 5.9 crates.io
RUSTSEC-2021-0058 · CVE-2021-23841, GHSA-84rm-qf37-fgc2 Null pointer deref in `X509_issuer_and_serial_hash()`
Modified: 11/8/2023
CRITICAL 9.8 crates.io
RUSTSEC-2021-0097 · CVE-2021-3711, GHSA-5ww6-px42-wc85 SM2 Decryption Buffer Overflow
Modified: 11/8/2023
HIGH 7.4 crates.io
RUSTSEC-2021-0098 · CVE-2021-3712, GHSA-q9wj-f4qw-6vfj Read buffer overruns processing ASN.1 strings
Modified: 11/8/2023
— crates.io
RUSTSEC-2021-0129 · BIT-node-2021-4044, BIT-node-min-2021-4044 Invalid handling of `X509_verify_cert()` internal errors in libssl
Modified: 12/16/2024
— crates.io
RUSTSEC-2022-0014 · BIT-mariadb-2022-0778, BIT-mariadb-min-2022-0778 Infinite loop in `BN_mod_sqrt()` reachable when parsing certificates
Modified: 6/10/2025
HIGH 7.5 crates.io
RUSTSEC-2022-0025 · CVE-2022-1473, GHSA-g323-fr93-4j3c Resource leakage when decoding certificates and keys
Modified: 11/8/2023
MEDIUM 5.9 crates.io
RUSTSEC-2022-0026 · CVE-2022-1434, GHSA-638m-m8mh-7gw2 Incorrect MAC key used in the RC4-MD5 ciphersuite
Modified: 11/8/2023
MEDIUM 5.3 crates.io
RUSTSEC-2022-0027 · CVE-2022-1343, GHSA-mfm6-r9g2-q4r7 `OCSP_basic_verify` may incorrectly verify the response signing certificate
Modified: 11/8/2023
— crates.io
RUSTSEC-2022-0032 · CVE-2022-2097, GHSA-3wx7-46ch-7rq2 AES OCB fails to encrypt some bytes
Modified: 11/8/2023
— crates.io
RUSTSEC-2022-0033 · CVE-2022-2274, GHSA-735f-pg76-fxc4 Heap memory corruption with RSA private key operation
Modified: 11/8/2023
— crates.io
RUSTSEC-2022-0059 · CVE-2022-3358, GHSA-4f63-89w9-3jjv Using a Custom Cipher with `NID_undef` may lead to NULL encryption
Modified: 11/8/2023
— crates.io
RUSTSEC-2022-0064 · BIT-node-2022-3602, BIT-node-min-2022-3602 X.509 Email Address 4-byte Buffer Overflow
Modified: 12/16/2024
— crates.io
RUSTSEC-2022-0065 · BIT-node-2022-3786, BIT-node-min-2022-3786 X.509 Email Address Variable Length Buffer Overflow
Modified: 12/16/2024
— crates.io
RUSTSEC-2023-0006 · CVE-2023-0286, GHSA-x4qr-2fvf-3mr5 X.400 address type confusion in X.509 `GeneralName`
Modified: 11/8/2023
— crates.io
RUSTSEC-2023-0007 · CVE-2022-4304, GHSA-p52g-cm5j-mjv4 Timing Oracle in RSA Decryption
Modified: 11/8/2023
— crates.io
RUSTSEC-2023-0008 · CVE-2022-4203, GHSA-w67w-mw4j-8qrv X.509 Name Constraints Read Buffer Overflow
Modified: 11/8/2023
— crates.io
RUSTSEC-2023-0009 · CVE-2023-0215, GHSA-r7jw-wp68-3xch Use-after-free following `BIO_new_NDEF`
Modified: 11/8/2023
— crates.io
RUSTSEC-2023-0010 · CVE-2022-4450, GHSA-v5w6-wcm8-jm4q Double free after calling `PEM_read_bio_ex`
Modified: 11/8/2023
— crates.io
RUSTSEC-2023-0011 · CVE-2023-0216, GHSA-29xx-hcv2-c4cp Invalid pointer dereference in `d2i_PKCS7` functions
Modified: 11/8/2023
— crates.io
RUSTSEC-2023-0012 · CVE-2023-0217, GHSA-vxrh-cpg7-8vjr `NULL` dereference validating DSA public key
Modified: 11/8/2023
— crates.io
RUSTSEC-2023-0013 · CVE-2023-0401, GHSA-vrh7-x64v-7vxq `NULL` dereference during PKCS7 data verification
Modified: 11/8/2023