Browse all 3 CVE security advisories affecting certifi, with AI-powered Chinese analysis, PoCs, and references for each vulnerability.
Certifi provides certificate lifecycle management solutions for organizations. Historically, the product has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and access control flaws. These issues have allowed attackers to execute arbitrary code, manipulate sessions, or gain elevated privileges within the system. While no major public security incidents have been widely reported, the three documented CVEs highlight consistent patterns of security weaknesses in web management interfaces and authentication mechanisms. The product's core functionality involves automating certificate issuance and renewal, making secure implementation critical for preventing potential service disruptions or unauthorized access to sensitive cryptographic materials.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-39689 | Certifi removes GLOBALTRUST root certificate | python-certifi | CWE-345 | 7.5 | High | 2024-07-05 |
| CVE-2023-37920 | Certifi's removal of e-Tugra root certificate | python-certifi | CWE-345 | 7.5 | High | 2023-07-25 |
| CVE-2022-23491 | Removal of TrustCor root certificate | python-certifi | CWE-345 | 6.8 | Medium | 2022-12-07 |
This page lists every published CVE security advisory associated with certifi. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.