An open index of dependabot pull requests across open source projects.

Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs

Severity: MODERATE
GHSA-p423-j2cm-9vmq CVE-2026-39892
Description:

If a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. For example:

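from cryptography.hazmat.primitives.hashes import Hash, SHA256
h = Hash(SHA256())
# buf[::-1] is non-contiguous when buf is, e.g., a memoryview
h.update(buf[::-1])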

would read past the end of the buffer on Python >3.11.

Affected Packages
Ecosystem | Package | Vulnerable Versions | Patched Version
pypi | cryptography | >= 45.0.0, < 46.0.7 | 46.0.7
Related Dependabot Pull Requests
chore(deps-dev): update sqlalchemy-exasol requirement from <3.0,>=2.4.0 to >=2.4.0,<8.0
Open 3 days ago
arsenyspb/superset #133
pip:sqlalchemy-exasol
arsenyspb
Bump the uv group across 1 directory with 8 updates
Open 4 days ago
GlacierEQ/graphiti #2
pip:python-multipart pip:urllib3 +6 more
GlacierEQ
build(deps): bump the uv group across 2 directories with 17 updates
Closed 4 days ago
open-webui/open-webui #24734
pip:lxml pip:python-multipart +12 more
open-webui
build(deps): bump the uv group across 1 directory with 6 updates
Open 4 days ago
GlacierEQ/langflow #40
pip:cryptography pip:requests +4 more
GlacierEQ
build(deps): bump the pip group across 2 directories with 8 updates
Closed 5 days ago
open-webui/open-webui #24699
pip:python-multipart pip:cryptography +6 more
open-webui
Bump the uv group across 1 directory with 7 updates
Open 5 days ago
GlacierEQ/code-graph-mcp #2
pip:black pip:python-multipart +5 more
GlacierEQ
build(deps): bump the uv group across 1 directory with 10 updates
Open 5 days ago
GlacierEQ/bigcases2 #2
pip:django pip:urllib3 +8 more
GlacierEQ
build(deps): bump the pip group across 2 directories with 8 updates
Closed 5 days ago
open-webui/open-webui #24694
pip:python-multipart pip:cryptography +6 more
open-webui
Bump the pip group across 1 directory with 6 updates
Open 5 days ago
MTES-MCT/apilos #2165
pip:setuptools pip:lxml +4 more
MTES-MCT
Chore(deps): Bump the npm-dependencies group across 1 directory with 11 updates
Closed 5 days ago
tarlepp/angular-ngrx-frontend #3821
npm:eslint npm:typescript +9 more
tarlepp
chore(deps): bump the uv group across 2 directories with 7 updates
Open 5 days ago
vectorize-io/hindsight #1613
pip:pytest pip:cryptography +3 more
vectorize-io
Build(deps): bump the uv group across 2 directories with 5 updates
Open 5 days ago
Idun-Group/idun-agent-platform #652
pip:python-multipart pip:urllib3 +3 more
Idun-Group
build(deps): bump the uv group across 1 directory with 9 updates
Open 7 days ago
Anselmoo/spectrafit #2108
pip:lxml pip:flask +6 more
Anselmoo
chore(deps)(deps): bump the minor-and-patch group across 1 directory with 24 updates
Open 7 days ago
outshift-open/ioc-cfn-mgmt-backend-svc #32
pip:coverage pip:uvicorn +21 more
outshift-open
chore(deps): bump the pip group across 2 directories with 7 updates
Closed 7 days ago
pilotwaffle/TORQ-CONSOLE #167
pip:django pip:jinja2 +5 more
pilotwaffle
chore(deps)(deps-dev): bump the development-dependencies group with 11 updates
Closed 8 days ago
ashoksainiengineer/ai-pandit-app #27
npm:vitest npm:@vitest/coverage-v8 +9 more
ashoksainiengineer
chore(deps-dev): bump snyk from 1.1304.1 to 1.1304.2
Open 8 days ago
ptarmiganlabs/ctrl-q #677
npm:snyk
ptarmiganlabs
chore(deps): bump the security group with 3 updates
Open 8 days ago
qnbs/CannaGuide-2025 #200
npm:@sentry/react npm:snyk +1 more
qnbs
Bump cryptography from 46.0.6 to 46.0.7
Closed 8 days ago
ShAuRyA-Noodle/Sleep-Token #4
pip:cryptography
ShAuRyA-Noodle
Chore(deps): Bump the npm-dependencies group across 1 directory with 9 updates
Closed 8 days ago
tarlepp/angular-ngrx-frontend #3815
npm:eslint npm:typescript +7 more
tarlepp
chore(deps): bump the pip group across 2 directories with 1 update
Open 9 days ago
TruvetaPublic/OpenLinkToken #331
pip:cryptography
TruvetaPublic
Bump the uv group across 2 directories with 16 updates
Closed 10 days ago
open-webui/open-webui #24478
pip:lxml pip:python-multipart +11 more
open-webui
Bump the pip group across 2 directories with 8 updates
Closed 10 days ago
open-webui/open-webui #24446
pip:python-multipart pip:cryptography +6 more
open-webui
Bump the pip group across 2 directories with 8 updates
Closed 10 days ago
open-webui/open-webui #24442
pip:python-multipart pip:cryptography +6 more
open-webui
Bump the pip group across 4 directories with 7 updates
Closed 11 days ago
XavierMP14/uv #16
pip:uv pip:cryptography +5 more
XavierMP14
chore(deps): bump cryptography from 46.0.6 to 46.0.7 in /python/agents/software-bug-assistant
Open 11 days ago
jgeofil/adk-samples #27
pip:cryptography
jgeofil
chore(deps): bump the uv group across 3 directories with 8 updates
Closed 11 days ago
AKJUS/semgrep #204
pip:protobuf pip:python-multipart +4 more
AKJUS
Bump snyk from 1.1304.1 to 1.1304.2
Open 12 days ago
exploradoresdemadrid/decide #2057
npm:snyk
exploradoresdemadrid
Bump the uv group across 2 directories with 23 updates
Closed 12 days ago
open-webui/open-webui #24422
pip:werkzeug pip:lxml +17 more
open-webui
Bump the pip group across 3 directories with 9 updates
Closed 12 days ago
nssuwan186-dev/uv #15
pip:setuptools pip:jinja2 +4 more
nssuwan186-dev
Bump cryptography from 45.0.4 to 46.0.7
Closed 14 days ago
Velocidex/pyvelociraptor #38
pip:cryptography
Velocidex
Bump the uv group across 2 directories with 24 updates
Closed 14 days ago
open-webui/open-webui #24366
pip:torch pip:werkzeug +18 more
open-webui
chore(deps): bump the uv group across 1 directory with 4 updates
Closed 15 days ago
Canner/WrenAI #2213
pip:lxml pip:python-multipart +2 more
Canner
Bump cryptography from 46.0.5 to 46.0.7
Open 15 days ago
TECHKNOWMAD-LABS/pitch-critic #7
pip:cryptography
TECHKNOWMAD-LABS
Bump the uv group across 2 directories with 3 updates
Closed 15 days ago
justinwritescode/polyglottal-yt-dlp #462
pip:pytest pip:cryptography +1 more
justinwritescode
chore(deps): bump the uv group across 1 directory with 2 updates
Open 16 days ago
SharkPark-App/SharkPark #162
pip:pytest pip:cryptography
SharkPark-App
chore(deps): bump cryptography from 46.0.5 to 46.0.7
Closed 16 days ago
rame10566/smartledger #2
pip:cryptography
rame10566
Bump the uv group across 1 directory with 5 updates
Open 16 days ago
jayvicsanantonio/blender-mcp #2
pip:h11 pip:cryptography +3 more
jayvicsanantonio
Bump cryptography from 44.0.2 to 46.0.7
Closed 17 days ago
hawkli-1994/CF-Ares #16
pip:cryptography
hawkli-1994
chore(deps): bump the uv group across 4 directories with 10 updates
Open 17 days ago
langwatch/langwatch #3684
pip:tornado pip:python-multipart +5 more
langwatch
chore(deps): bump the uv group across 4 directories with 12 updates
Closed 17 days ago
langwatch/langwatch #3677
pip:tornado pip:python-multipart +7 more
langwatch
chore(deps): bump the uv group across 3 directories with 6 updates
Open 17 days ago
langwatch/langwatch #3676
pip:tornado pip:cryptography +4 more
langwatch
chore(deps): bump the uv group across 4 directories with 13 updates
Open 17 days ago
langwatch/langwatch #3672
pip:tornado pip:python-multipart +8 more
langwatch
build(deps): bump cryptography from 45.0.4 to 46.0.7
Closed 17 days ago
danielsimonjr/Windows-mcp #8
pip:cryptography
danielsimonjr
Bump the dependencies group across 3 directories with 69 updates
Open 18 days ago
Hari-Sri-T/InvenGraph-AI #17
pip:boto3 pip:django +64 more
Hari-Sri-T
chore(deps): bump cryptography from 46.0.6 to 46.0.7 in /mcp-server
Open 18 days ago
Glad-Labs/poindexter #322
pip:cryptography
Glad-Labs
chore(deps): bump the uv group across 1 directory with 10 updates
Open 18 days ago
lvndry/clausea #44
pip:litellm pip:lxml +6 more
lvndry
chore(deps): bump the uv group across 1 directory with 3 updates
Closed 18 days ago
langwatch/langwatch #3649
pip:black pip:cryptography +1 more
langwatch
Bump cryptography from 46.0.5 to 46.0.7
Open 18 days ago
introspection-org/introspection-python-sdk #7
pip:cryptography
introspection-org
Bump the pip group across 1 directory with 3 updates
Open 19 days ago
joseguzman1337/MITMf #6
pip:lxml pip:cryptography +1 more
joseguzman1337
Advisory Details
Published: April 08, 2026 (about 1 month ago)
Updated: May 11, 2026 (8 days ago)
CVSS Score: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS: 0.02% 7th percentile
Source: GitHub
Classification: GENERAL
UUID: GSA_kwCzR0hTQS1wNDIzLWoyY20tOXZtcc4ABU9H
PR Statistics
PR Status
Open 302 (54.4%)
Merged 0 (0.0%)
Closed 253 (45.6%)
Update Types
Major 207 (12.2%)
Minor 533 (31.5%)
Patch 901 (53.3%)