{"package":"pycrypto","ecosystem":"pypi","latest_version":"2.6.1","description":"Cryptographic modules for Python.","license":"Public domain","homepage":"http://www.pycrypto.org/","repository":"","downloads_weekly":1994633,"health":{"score":49,"risk":"high","breakdown":{"maintenance":0,"popularity":17,"security":21,"maturity":9,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":4,"critical":0,"high":0,"medium":2,"low":2,"details":[{"vuln_id":"CVE-2018-6594","severity":"medium","summary":"Pycrypto generates weak key parameters","affected_versions":">=0","fixed_version":null,"source":"osv","published_at":"2018-07-12T20:29:26Z"},{"vuln_id":"CVE-2013-7459","severity":"medium","summary":"Buffer Overflow in pycrypto","affected_versions":">=0","fixed_version":null,"source":"osv","published_at":"2018-12-14T18:51:38Z"},{"vuln_id":"CVE-2013-7459","severity":"unknown","summary":"Heap-based buffer overflow in the ALGnew function in block_template.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.","affected_versions":">=0","fixed_version":"8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4","source":"osv","published_at":"2017-02-15T15:59:00Z"},{"vuln_id":"CVE-2018-6594","severity":"unknown","summary":"lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.","affected_versions":">=0","fixed_version":null,"source":"osv","published_at":"2018-02-03T15:29:00Z"}]},"versions":{"latest":"2.6.1","total_count":13,"recent":["1.9a2","1.9a5","1.9a6","2.0","2.0.1","2.1.0","2.2","2.3","2.4","2.4.1","2.5","2.6","2.6.1"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":null,"last_published":"2014-06-20T08:10:20.813938Z","dependencies_count":0,"dependencies":[]},"recommendation":{"action":"safe_to_use","issues":[],"use_version":"2.6.1","version_hint":"Update to >= 8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 to fix known vulnerabilities (that value is the fixed_version recorded for one CVE-2013-7459 entry and is not a release number; no fixed_version is listed for CVE-2018-6594)","summary":"pycrypto@2.6.1 is safe to use (health: 49/100); caveat: this record also rates health risk as high with a maintenance score of 0, gives 2014-06-20 as the last publish date, and lists CVE-2013-7459 and CVE-2018-6594 as affecting all versions (>=0)"},"requested_version":null,"_cache":"miss","_response_ms":478,"_powered_by":"depscope.dev — free package intelligence for AI agents"}