Vulnerabilities > Cryptography IO
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2023-50782 | Information Exposure Through Discrepancy vulnerability in multiple products A flaw was found in the python-cryptography package. | 7.5 |
| 2023-11-29 | CVE-2023-49083 | Unspecified vulnerability in Cryptography.Io Cryptography cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. | 7.5 |
| 2023-07-14 | CVE-2023-38325 | Improper Certificate Validation vulnerability in Cryptography.Io Cryptography The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. | 7.5 |
| 2023-02-07 | CVE-2023-23931 | Unspecified vulnerability in Cryptography.Io Cryptography cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. | 6.5 |
| 2021-02-07 | CVE-2020-36242 | Integer Overflow or Wraparound vulnerability in multiple products In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. | 9.1 |
| 2021-01-11 | CVE-2020-25659 | python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. | 5.9 |
| 2017-03-27 | CVE-2016-9243 | HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. | 7.5 |