pkg:PyPI/cryptography

All known vulnerabilities

• CRITICAL9.8CVE-2026-39892Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs
  >= 45.0.0, < 46.0.7
• CRITICAL9.8CVE-2026-39892Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs
  >= 45.0.0, < 46.0.7
• CRITICAL9.1CVE-2020-36242PyCA Cryptography symmetrically encrypting large values can lead to integer overflow
  >= 3.1, < 3.3.2
• CRITICAL9.1PyCA Cryptography symmetrically encrypting large values can lead to integer overflow
  >= 3.1, < 3.3.2
• HIGH7.5cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
  >= 38.0.0, < 42.0.4
• HIGH7.5cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
  from 0, < 97d231672763cdb5959a3b191e692a362f1b9e55, < 97d231672763cdb5959a3b191e692a362f1b9e55 | >= 38.0.0, < 42.0.4
• HIGH7.5Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
  from 0, < 42.0.0
• HIGH7.5cryptography mishandles SSH certificates
  >= 40.0.0, < 41.0.2
• HIGH7.5cryptography mishandles SSH certificates
  >= 40.0.0, < 41.0.2
• HIGH7.5Improper input validation in cryptography
  from 0, < b924696b2e8731f39696584d12cceeb3aeb2d874 | from 0, < 1.5.3
• HIGH7.5Improper input validation in cryptography
  from 0, < 1.5.3
• HIGH7.5PyCA Cryptography vulnerable to GCM tag forgery
  >= 1.9, < 2.3
• HIGH7.5PyCA Cryptography vulnerable to GCM tag forgery
  >= 1.9.0, < 2.3
• HIGH7.4X.400 address type confusion in X.509 `GeneralName`
  >= 0.8.1, < 39.0.1
• MEDIUM6.5cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
  from 0, < 46.0.5
• MEDIUM6.5python-cryptography - security update
  from 0, < 94a50a9731f35405f0357fa5f3b177d46a726ab3 | >= 1.8, < 39.0.1
• MEDIUM6.5python-cryptography - security update
  >= 1.8, < 39.0.1
• MEDIUM6.3Vulnerable OpenSSL included in cryptography wheels
  >= 42.0.0, < 44.0.1
• MEDIUM5.9cryptography vulnerable to NULL-dereference when loading PKCS7 certificates
  >= 3.1, < 41.0.6
• MEDIUM5.9cryptography vulnerable to NULL-dereference when loading PKCS7 certificates
  from 0, < f09c261ca10a31fe41b1262306db7f8f1da0e48a | >= 3.1, < 41.0.6
• MEDIUM5.9RSA decryption vulnerable to Bleichenbacher timing vulnerability
  from 0, < 3.2
• MEDIUM5.9RSA decryption vulnerable to Bleichenbacher timing vulnerability
  from 0, < 3.2.1
• MEDIUM5.5Null pointer dereference in PKCS12 parsing
  from 0, < 42.0.2
• MEDIUM5.3cryptography has incomplete DNS name constraint enforcement on peer names
  from 0, < 46.0.6
• MEDIUM5.3cryptography has incomplete DNS name constraint enforcement on peer names
  from 0, < 46.0.6