Browse all 8 CVE security advisories affecting pyca. Each entry includes an AI-generated Chinese-language analysis, proof-of-concept references, and source links for the vulnerability.
Pyca develops cryptographic libraries for Python, enabling secure data handling and encryption. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from input validation flaws or insecure deserialization. The project maintains a strong security focus, with regular audits and rapid patching cycles. While no major incidents have been widely reported, the 8 CVEs on record highlight the risks inherent in complex cryptographic implementations. Security researchers note that, although the libraries are generally robust, misconfiguration or improper use can introduce vulnerabilities, so careful implementation and ongoing security awareness remain necessary.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-39892 | cryptography has a buffer overflow if non-contiguous buffers were passed to APIs | cryptography | CWE-119 | 8.1 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-34073 | cryptography has incomplete DNS name constraint enforcement on peer names | cryptography | CWE-295 | 9.1 (AI) | Critical (AI) | 2026-03-31 |
| CVE-2026-26007 | cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves | cryptography | CWE-345 | 6.5 | - | 2026-02-10 |
| CVE-2024-26130 | cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override | cryptography | CWE-476 | 7.5 | High | 2024-02-21 |
| CVE-2023-49083 | cryptography vulnerable to NULL-dereference when loading PKCS7 certificates | cryptography | CWE-476 | 5.9 | Medium | 2023-11-29 |
| CVE-2023-23931 | Cipher.update_into can corrupt memory in pyca cryptography | cryptography | CWE-754 | 4.8 | Medium | 2023-02-07 |

Scores and severities marked "(AI)" are AI-estimated rather than vendor-assigned.
This page lists every published CVE security advisory associated with pyca. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products, and references. An AI-generated Chinese-language analysis is provided for fast triage.