{"ecosystem":"pypi","package":"rsa","version":null,"bugs":[{"id":716,"ecosystem":"pypi","package_name":"rsa","affected_version":"2.1","fixed_version":"4.7","bug_id":"osv:GHSA-xrx6-fmxq-rjj2","title":"Timing attacks in python-rsa","description":"It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA","severity":"high","status":"fixed","source":"osv","source_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25658","labels":["CVE-2020-25658","PYSEC-2020-100"],"created_at":"2026-04-19T04:31:44.094442+00:00","updated_at":"2026-04-19T04:31:44.094442+00:00"},{"id":714,"ecosystem":"pypi","package_name":"rsa","affected_version":null,"fixed_version":"4.1","bug_id":"osv:GHSA-537h-rv9q-vvph","title":"Python-RSA decryption of ciphertext leads to DoS","description":"Python-RSA before 4.1 ignores leading '\\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).","severity":"high","status":"fixed","source":"osv","source_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13757","labels":["CVE-2020-13757","PYSEC-2020-99"],"created_at":"2026-04-19T04:31:44.092906+00:00","updated_at":"2026-04-19T04:31:44.092906+00:00"},{"id":719,"ecosystem":"pypi","package_name":"rsa","affected_version":null,"fixed_version":"4.1","bug_id":"osv:PYSEC-2020-99","title":"PYSEC-2020-99: advisory","description":"Python-RSA before 4.1 ignores leading '\\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).","severity":"medium","status":"fixed","source":"osv","source_url":"https://github.com/sybrenstuvel/python-rsa/issues/146","labels":["CVE-2020-13757","GHSA-537h-rv9q-vvph"],"created_at":"2026-04-19T04:31:44.096268+00:00","updated_at":"2026-04-19T04:31:44.096268+00:00"},{"id":718,"ecosystem":"pypi","package_name":"rsa","affected_version":"2.1","fixed_version":"4.7","bug_id":"osv:PYSEC-2020-100","title":"PYSEC-2020-100: advisory","description":"It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.","severity":"medium","status":"fixed","source":"osv","source_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658","labels":["CVE-2020-25658","GHSA-xrx6-fmxq-rjj2"],"created_at":"2026-04-19T04:31:44.095598+00:00","updated_at":"2026-04-19T04:31:44.095598+00:00"},{"id":717,"ecosystem":"pypi","package_name":"rsa","affected_version":null,"fixed_version":"3.3","bug_id":"osv:PYSEC-2016-10","title":"PYSEC-2016-10: advisory","description":"The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.","severity":"medium","status":"fixed","source":"osv","source_url":"http://www.openwall.com/lists/oss-security/2016/01/05/3","labels":["CVE-2016-1494","GHSA-8rjr-6qq5-pj9p"],"created_at":"2026-04-19T04:31:44.095092+00:00","updated_at":"2026-04-19T04:31:44.095092+00:00"},{"id":715,"ecosystem":"pypi","package_name":"rsa","affected_version":null,"fixed_version":"3.3","bug_id":"osv:GHSA-8rjr-6qq5-pj9p","title":"Python RSA allows attackers to spoof signatures","description":"The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.","severity":"medium","status":"fixed","source":"osv","source_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1494","labels":["CVE-2016-1494","PYSEC-2016-10"],"created_at":"2026-04-19T04:31:44.093894+00:00","updated_at":"2026-04-19T04:31:44.093894+00:00"}],"total":6,"_cache":"miss"}