cryptography — CVE history (PyPI)

cryptography

7 CVEs affect the cryptography PyPI package (highest CVSS 7.5). Latest disclosed: 2026-04-08. Full CVE history sourced from NVD.

Summary

Package
cryptography (PyPI)
Total CVEs
7
Actively exploited (CISA KEV)
0
Highest CVSS
7.5
Latest disclosed
2026-04-08

Recent CVEs (top 7)

CVESeverityCVSSKEVPublishedSummary
CVE-2026-398922026-04-08cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
CVE-2026-340732026-03-31cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
CVE-2026-260072026-02-10cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
CVE-2024-26130High7.52024-02-21cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
CVE-2023-49083Medium5.92023-11-29cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
CVE-2023-23931Medium4.82023-02-07cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
CVE-2016-9243High7.52017-03-27HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.

All-time worst (top 4 by CVSS)

CVESeverityCVSSKEVPublishedSummary
CVE-2024-26130High7.52024-02-21cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
CVE-2016-9243High7.52017-03-27HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
CVE-2023-49083Medium5.92023-11-29cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
CVE-2023-23931Medium4.82023-02-07cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.