CRITICAL 9.4 PyPI
GHSA-4jqp-9qjv-57m2 · CVE-2026-1709, PYSEC-2026-74 Keylime Missing Authentication for Critical Function and Improper Authentication
수정: 2026. 5. 20.
package
PyPI / keylime
pkg:pypi/keylime
MEDIUM 4.3 PyPI
GHSA-9jxq-5x44-gx23 · CVE-2025-1057 Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0
수정: 2025. 3. 15.
MEDIUM 6.5 PyPI
GHSA-f4r5-q63f-gcww · CVE-2023-38201, PYSEC-2023-160 Keylime registrar and (untrusted) Agent can be bypassed by an attacker
수정: 2026. 2. 4.
LOW 2.3 PyPI
GHSA-g4wg-cfpf-9689 · CVE-2023-3674, PYSEC-2023-128 keylime fails to flag device as untrusted when signature does not validate
수정: 2025. 2. 15.
MEDIUM 5.1 PyPI
GHSA-hff2-x2j9-gxgv · CVE-2022-3500, PYSEC-2022-42995 Keylime: unhandled exceptions could lead to invalid attestation states
수정: 2025. 4. 29.
CRITICAL 9.1 PyPI
GHSA-jf66-3q76-h5p5 · CVE-2022-1053, PYSEC-2022-184 Tenant and Verifier might not use the same registrar data
수정: 2026. 5. 5.
HIGH 7.5 PyPI
GHSA-pg75-v6fp-8q59 · CVE-2023-38200 Keylime's registrar vulnerable to Denial-of-service attack via a single open connection
수정: 2025. 2. 14.
MEDIUM 6.3 PyPI
GHSA-q8w6-w55c-ccv5 · CVE-2026-6420 Keylime has a hardcoded attestation challenge nonce that allows replay attacks
수정: 2026. 5. 11.
HIGH 8.2 PyPI
GHSA-xh5w-g8gq-r3v9 · CVE-2025-13609, PYSEC-2025-77 Keylime allows users to register new agents by recycling existing UUIDs when using different TPM devices
수정: 2026. 5. 29.
— PyPI
PYSEC-2022-184 · CVE-2022-1053, GHSA-jf66-3q76-h5p5 수정: 2026. 5. 5.
— PyPI
PYSEC-2022-42995 · CVE-2022-3500, GHSA-hff2-x2j9-gxgv 수정: 2023. 11. 8.
LOW 2.8 PyPI
PYSEC-2023-128 · CVE-2023-3674, GHSA-g4wg-cfpf-9689 수정: 2023. 11. 8.
MEDIUM 6.5 PyPI
PYSEC-2023-160 · CVE-2023-38201, GHSA-f4r5-q63f-gcww 수정: 2023. 11. 8.
HIGH 8.2 PyPI
PYSEC-2025-77 · CVE-2025-13609, GHSA-xh5w-g8gq-r3v9 수정: 2026. 5. 19.
CRITICAL 9.8 PyPI
PYSEC-2026-74 · CVE-2026-1709, GHSA-4jqp-9qjv-57m2 수정: 2026. 5. 20.