Is paramiko safe to use?

paramiko has 2 known vulnerabilities on the latest version (5.0.0). DepScope rates its health at 89/100 (low risk).

What is the latest version of paramiko?

The latest version of paramiko is 5.0.0, released 2026-05-09.

Does paramiko have known vulnerabilities?

Yes. paramiko has 2 known vulnerabilities. See depscope.dev/pkg/pypi/paramiko for details.

Is paramiko deprecated?

No, paramiko is actively maintained. Latest release: 5.0.0 (2026-05-09).

What are alternatives to paramiko?

Popular alternatives to paramiko in PyPI include: boto3, packaging, idna, certifi, urllib3.

What license does paramiko use?

paramiko is licensed under LGPL-2.1.

paramiko

pypiv5.0.0

SSH2 protocol library

License LGPL-2.1weak copyleft143 versions4 deps33,856,100 weekly dl

paramiko/paramiko

/ 100

Health

safe to use

[email protected] is safe to use (health: 89/100)

Update to >= 0.0.0-20231218163308-9d2ee975ef9f to fix known vulnerabilities

Health breakdown0 – 100

25/25

maintenance

20/20

popularity

23/25

security

15/15

maturity

6/15

community

0/15

popularity_floor

Vulnerabilities

1 medium1 low

Advisories (2)

Severity	ID	Summary	Fixed in
medium	CVE-2023-48795	Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin	0.0.0-20231218163308-9d2ee975ef9f
low	CVE-2026-44405	Paramiko rsakey.py allows the SHA-1 algorithm	—

Threat intelligence

1 likely exploited (EPSS ≥ 0.5)

Threat tier per vulnerability derived from CISA KEV catalog + FIRST.org EPSS scores.

OSS Scorecard

OpenSSF security posture score

4.2/10

weak

Maintainer trust

Active maintainers (3m)

1

Contributors (12m)

1

Primary author dominance

100%

GitHub stars

9,730

single active maintainer 3msingle author dominance

Quality signals

OSS Criticality

0.50medium

Download trend

stable(0%)

Health History

Dependency Tree

License Audit

Dependencies (4)

bcrypt cryptography invoke pynacl

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/pypi/paramiko