Skip to main content

Cryptography

7 CVEs product

Monthly

CVE-2026-26007 PyPI HIGH PATCH This Week

Private-key information disclosure in the pyca/cryptography Python package (versions <= 46.0.4) arises because public-key loading and construction routines skip prime-order subgroup validation for SECT binary elliptic curves, letting an attacker submit a small-order point that leaks bits of a victim's private key during ECDH or enables signature forgery in ECDSA. Per the CVSS vector exploitation is unauthenticated and network-reachable (PR:N/AV:N) but high-complexity (AC:H), and only the rarely used SECT/binary curves are affected. There is no public exploit identified at time of analysis, EPSS risk is negligible (0.01%), and a fix is available in 46.0.5.

Python Cryptography Information Disclosure
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2024-26130 PyPI HIGH PATCH This Week

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Python Denial Of Service Cryptography
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-50782 PyPI HIGH PATCH This Week

A flaw was found in the python-cryptography package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Python Ansible Automation Platform Enterprise Linux Update Infrastructure +2
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-49083 PyPI HIGH POC PATCH This Week

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Python Null Pointer Dereference Cryptography
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-38325 PyPI HIGH POC PATCH This Week

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Cryptography
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-23931 PyPI MEDIUM POC PATCH This Month

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Cryptography
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2016-9243 PyPI HIGH PATCH This Week

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cryptography Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Private-key information disclosure in the pyca/cryptography Python package (versions <= 46.0.4) arises because public-key loading and construction routines skip prime-order subgroup validation for SECT binary elliptic curves, letting an attacker submit a small-order point that leaks bits of a victim's private key during ECDH or enables signature forgery in ECDSA. Per the CVSS vector exploitation is unauthenticated and network-reachable (PR:N/AV:N) but high-complexity (AC:H), and only the rarely used SECT/binary curves are affected. There is no public exploit identified at time of analysis, EPSS risk is negligible (0.01%), and a fix is available in 46.0.5.

Python Cryptography Information Disclosure
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Python Denial Of Service +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the python-cryptography package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Python Ansible Automation Platform +4
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Python Null Pointer Dereference +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Cryptography
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Cryptography
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cryptography Fedora +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy