{"ecosystem":"pypi","package":"keyring","version":null,"bugs":[{"id":798,"ecosystem":"pypi","package_name":"keyring","affected_version":null,"fixed_version":"0.10","bug_id":"osv:GHSA-p86x-652p-6385","title":"Incorrect Default Permissions in keyring","description":"Python keyring lib before 0.10 created keyring files with world-readable permissions.","severity":"high","status":"fixed","source":"osv","source_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5577","labels":["CVE-2012-5577","PYSEC-2019-181"],"created_at":"2026-04-19T04:31:51.701677+00:00","updated_at":"2026-04-19T04:31:51.701677+00:00"},{"id":797,"ecosystem":"pypi","package_name":"keyring","affected_version":null,"fixed_version":"0.9.2","bug_id":"osv:GHSA-p3h7-3c45-qj4v","title":"Python Keyring does not securely initialize encryption cipher","description":"Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for `CryptedFileKeyring` files, which makes it easier for local users to obtain passwords via a brute-force attack.","severity":"high","status":"fixed","source":"osv","source_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4571","labels":["CVE-2012-4571","PYSEC-2012-8"],"created_at":"2026-04-19T04:31:51.701110+00:00","updated_at":"2026-04-19T04:31:51.701110+00:00"},{"id":796,"ecosystem":"pypi","package_name":"keyring","affected_version":null,"fixed_version":"0.10","bug_id":"osv:GHSA-8867-vpm3-g98g","title":"Incorrect Default Permissions in keyring","description":"Python keyring has insecure permissions on new databases, allowing world-readable files to be created.","severity":"high","status":"fixed","source":"osv","source_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5578","labels":["CVE-2012-5578","PYSEC-2019-182"],"created_at":"2026-04-19T04:31:51.700207+00:00","updated_at":"2026-04-19T04:31:51.700207+00:00"},{"id":801,"ecosystem":"pypi","package_name":"keyring","affected_version":null,"fixed_version":"0.10.1","bug_id":"osv:PYSEC-2019-182","title":"PYSEC-2019-182: advisory","description":"Python keyring has insecure permissions on new databases allowing world-readable files to be created","severity":"medium","status":"fixed","source":"osv","source_url":"https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1031465","labels":["CVE-2012-5578","GHSA-8867-vpm3-g98g"],"created_at":"2026-04-19T04:31:51.703130+00:00","updated_at":"2026-04-19T04:31:51.703130+00:00"},{"id":800,"ecosystem":"pypi","package_name":"keyring","affected_version":null,"fixed_version":"0.10","bug_id":"osv:PYSEC-2019-181","title":"PYSEC-2019-181: advisory","description":"Python keyring lib before 0.10 created keyring files with world-readable permissions.","severity":"medium","status":"fixed","source":"osv","source_url":"https://security-tracker.debian.org/tracker/CVE-2012-5577","labels":["CVE-2012-5577","GHSA-p86x-652p-6385"],"created_at":"2026-04-19T04:31:51.702671+00:00","updated_at":"2026-04-19T04:31:51.702671+00:00"},{"id":799,"ecosystem":"pypi","package_name":"keyring","affected_version":null,"fixed_version":"0.9.2","bug_id":"osv:PYSEC-2012-8","title":"PYSEC-2012-8: advisory","description":"Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.","severity":"medium","status":"fixed","source":"osv","source_url":"https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845","labels":["CVE-2012-4571","GHSA-p3h7-3c45-qj4v"],"created_at":"2026-04-19T04:31:51.702199+00:00","updated_at":"2026-04-19T04:31:51.702199+00:00"}],"total":6,"_cache":"miss"}