pkg:PyPI/cryptography

25 total CVEs: CRITICAL 4, HIGH 10, MEDIUM 11

All known vulnerabilities

  • CRITICAL 9.8 CVE-2026-39892: Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs
    >= 45.0.0, < 46.0.7
  • CRITICAL 9.8 CVE-2026-39892: Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs
    >= 45.0.0, < 46.0.7
  • CRITICAL 9.1 CVE-2020-36242: PyCA Cryptography symmetrically encrypting large values can lead to integer overflow
    >= 3.1, < 3.3.2
  • CRITICAL 9.1 CVE-2020-36242: PyCA Cryptography symmetrically encrypting large values can lead to integer overflow
    >= 3.1, < 3.3.2
  • HIGH 7.5 CVE-2024-26130: cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
    >= 38.0.0, < 42.0.4
  • HIGH 7.5 CVE-2024-26130: cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
    from 0, < 97d231672763cdb5959a3b191e692a362f1b9e55, < 97d231672763cdb5959a3b191e692a362f1b9e55 | >= 38.0.0, < 42.0.4
  • HIGH 7.5 CVE-2023-50782: Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
    from 0, < 42.0.0
  • HIGH 7.5 CVE-2023-38325: cryptography mishandles SSH certificates
    >= 40.0.0, < 41.0.2
  • HIGH 7.5 CVE-2023-38325: cryptography mishandles SSH certificates
    >= 40.0.0, < 41.0.2
  • HIGH 7.5 CVE-2016-9243: Improper input validation in cryptography
    from 0, < b924696b2e8731f39696584d12cceeb3aeb2d874 | from 0, < 1.5.3
  • HIGH 7.5 CVE-2016-9243: Improper input validation in cryptography
    from 0, < 1.5.3
  • HIGH 7.5 CVE-2018-10903: PyCA Cryptography vulnerable to GCM tag forgery
    >= 1.9, < 2.3
  • HIGH 7.5 CVE-2018-10903: PyCA Cryptography vulnerable to GCM tag forgery
    >= 1.9.0, < 2.3
  • HIGH 7.4 CVE-2023-0286: Vulnerable OpenSSL included in cryptography wheels
    >= 0.8.1, < 39.0.1
  • MEDIUM 6.5 CVE-2026-26007: cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
    from 0, < 46.0.5
  • MEDIUM 6.5 CVE-2023-23931: Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf
    from 0, < 94a50a9731f35405f0357fa5f3b177d46a726ab3 | >= 1.8, < 39.0.1
  • MEDIUM 6.5 CVE-2023-23931: Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf
    >= 1.8, < 39.0.1
  • MEDIUM 6.3 CVE-2024-12797: Vulnerable OpenSSL included in cryptography wheels
    >= 42.0.0, < 44.0.1
  • MEDIUM 5.9 CVE-2023-49083: cryptography vulnerable to NULL-dereference when loading PKCS7 certificates
    >= 3.1, < 41.0.6
  • MEDIUM 5.9 CVE-2023-49083: cryptography vulnerable to NULL-dereference when loading PKCS7 certificates
    from 0, < f09c261ca10a31fe41b1262306db7f8f1da0e48a | >= 3.1, < 41.0.6
  • MEDIUM 5.9 CVE-2020-25659: RSA decryption vulnerable to Bleichenbacher timing vulnerability
    from 0, < 3.2
  • MEDIUM 5.9 CVE-2020-25659: RSA decryption vulnerable to Bleichenbacher timing vulnerability
    from 0, < 3.2.1
  • MEDIUM 5.5 CVE-2024-0727: Null pointer dereference in PKCS12 parsing
    from 0, < 42.0.2
  • MEDIUM 5.3 CVE-2026-34073: cryptography has incomplete DNS name constraint enforcement on peer names
    from 0, < 46.0.6
  • MEDIUM 5.3 CVE-2026-34073: cryptography has incomplete DNS name constraint enforcement on peer names
    from 0, < 46.0.6