Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

pyca — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting pyca. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Pyca develops cryptographic libraries for Python, enabling secure data handling and encryption. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from input validation flaws or insecure deserialization. The project maintains a strong security focus with regular audits and rapid patching cycles. While no major incidents have been widely reported, the 8 CVEs on record highlight potential risks in complex cryptographic implementations. Security researchers note that while the libraries are generally robust, misconfigurations or improper use can introduce vulnerabilities, emphasizing the need for careful implementation and ongoing security awareness.

Top products by pyca: cryptography pyopenssl
CVE IDTitleCVSSSeverityPublished
CVE-2026-39892 cryptography has a buffer overflow if non-contiguous buffers were passed to APIs — cryptographyCWE-119 8.1AIHighAI2026-04-08
CVE-2026-34073 cryptography has incomplete DNS name constraint enforcement on peer names — cryptographyCWE-295 9.1AICriticalAI2026-03-31
CVE-2026-27459 pyOpenSSL DTLS cookie callback buffer overflow — pyopensslCWE-120 9.8 -2026-03-17
CVE-2026-27448 pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback — pyopensslCWE-636 5.3 -2026-03-17
CVE-2026-26007 cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves — cryptographyCWE-345 6.5 -2026-02-10
CVE-2024-26130 cryptography NULL pointer deference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override — cryptographyCWE-476 7.5 High2024-02-21
CVE-2023-49083 cryptography vulnerable to NULL-dereference when loading PKCS7 certificates — cryptographyCWE-476 5.9 Medium2023-11-29
CVE-2023-23931 Cipher.update_into can corrupt memory in pyca cryptography — cryptographyCWE-754 4.8 Medium2023-02-07

This page lists every published CVE security advisory associated with pyca. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.