| Package | Installed | Affected | Info |
|---|---|---|---|
| cbor2 | 5.8.0 | <5.9.0 | Affected versions of the cbor2 package are vulnerable to Denial of Service (DoS) due to uncontrolled recursion when decoding deeply nested CBOR data. The cbor2.loads() function creates a CBORDecoder and calls decode(), which dispatches nested Array and Map values to recursive handlers such as decode_array and decode_map without an independent depth-tracking limit in cbor2/decoder.py and source/decoder.c. |
| pyOpenSSL | 24.2.1 | >=0.14.0,<26.0.0 | Affected versions of the pyOpenSSL package are vulnerable to Improper Input Validation due to a failure to securely handle exceptions in a user-supplied callback. The set_tlsext_servername_callback API accepts a callback that, in affected versions, allows an unhandled exception to cause the TLS connection to be accepted instead of rejected, creating a fail-open condition in any security-sensitive logic implemented in that callback. |
| pyOpenSSL | 24.2.1 | >=22.0.0,<26.0.0 | Affected versions of the pyOpenSSL package are vulnerable to Classic Buffer Overflow due to missing length validation on DTLS cookie values returned by a user-provided callback. The vulnerability is in the DTLS cookie generation path that uses set_cookie_generate_callback, where pyOpenSSL passes the callback's return value into an OpenSSL-provided buffer without rejecting values longer than 256 bytes. |
| cryptography | 43.0.3 | <46.0.5 | Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid. |
| cryptography | 43.0.3 | <46.0.6 | Affected versions of the cryptography package are vulnerable to Improper Certificate Validation due to incomplete enforcement of DNS name constraints on peer names. The certificate validation logic applied DNS name constraints only to Subject Alternative Name (SAN) entries in child certificates, but did not apply the same checks to the peer name presented during validation, which allowed a mismatch between wildcard certificate matching and excluded subtree constraints. |
| cryptography | 43.0.3 | >=42.0.0,<44.0.1 | Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. |
https://pyup.io/repos/github/vertexproject/vtx-base-image/python-3-shield.svg
[![Python 3](https://pyup.io/repos/github/vertexproject/vtx-base-image/python-3-shield.svg)](https://pyup.io/repos/github/vertexproject/vtx-base-image/)
.. image:: https://pyup.io/repos/github/vertexproject/vtx-base-image/python-3-shield.svg
   :target: https://pyup.io/repos/github/vertexproject/vtx-base-image/
   :alt: Python 3
<a href="https://pyup.io/repos/github/vertexproject/vtx-base-image/"><img src="https://pyup.io/repos/github/vertexproject/vtx-base-image/python-3-shield.svg" alt="Python 3" /></a>
!https://pyup.io/repos/github/vertexproject/vtx-base-image/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/vertexproject/vtx-base-image/
{<img src="https://pyup.io/repos/github/vertexproject/vtx-base-image/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/vertexproject/vtx-base-image/]
https://pyup.io/repos/github/vertexproject/vtx-base-image/shield.svg
[![Updates](https://pyup.io/repos/github/vertexproject/vtx-base-image/shield.svg)](https://pyup.io/repos/github/vertexproject/vtx-base-image/)
.. image:: https://pyup.io/repos/github/vertexproject/vtx-base-image/shield.svg
   :target: https://pyup.io/repos/github/vertexproject/vtx-base-image/
   :alt: Updates
<a href="https://pyup.io/repos/github/vertexproject/vtx-base-image/"><img src="https://pyup.io/repos/github/vertexproject/vtx-base-image/shield.svg" alt="Updates" /></a>
!https://pyup.io/repos/github/vertexproject/vtx-base-image/shield.svg(Updates)!:https://pyup.io/repos/github/vertexproject/vtx-base-image/
{<img src="https://pyup.io/repos/github/vertexproject/vtx-base-image/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/vertexproject/vtx-base-image/]