GHSA-hvc7-763r-4f3h

Summary

openssl-encrypt has no owner verification on key revocation — any client can revoke any key

Severity

medium

Published

2026-04-01

References

• https://github.com/jahlives/openssl_encrypt/security/advisories/GHSA-hvc7-763r-4f3h
• https://github.com/jahlives/openssl_encrypt/commit/05e45f393886b5bf7e924d2dd42099a9dd37f91d
• https://github.com/jahlives/openssl_encrypt

Related advisories

• GHSA-h45m-mgcp-q388 — critical · PyPI/openssl-encrypt
• GHSA-c65f-x25w-62jv — medium · PyPI/openssl-encrypt
• GHSA-4rh7-jwg9-m28m — medium · PyPI/openssl-encrypt
• GHSA-2vhw-q7vh-7xv2 — medium · PyPI/openssl-encrypt
• GHSA-8h88-gxp3-j7pg — medium · PyPI/openssl-encrypt
• GHSA-425g-fjhq-5h92 — medium · PyPI/openssl-encrypt
• GHSA-vfgx-5q85-58q3 — medium · PyPI/openssl-encrypt
• GHSA-h3m5-p59h-x88p — medium · PyPI/openssl-encrypt

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Summarize with AI

ChatGPTClaudePerplexity