Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
Related vulnerabilities
GHSA-8F95-V3JQ-CJ86
Vulnerability from github – Published: 2026-07-09 13:42 – Updated: 2026-07-09 13:42Impact
The argon2i_32 implementation does not check the nb_blocks size. If the caller does not provide a sufficiently large buffer based on the API contract, then argon2i_32 will write past the end of the buffer and possibly corrupt the heap.
Patches
Fixed in 4.0.2.8, which now verifies that nb_blocks is large enough. See 90ff5b1.
Workarounds
Provide a correctly sized nb_blocks buffer.
pymonocypher thanks Haris (hextheshadow) for the vulnerability report, details, and recommended fix.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pymonocypher"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.2.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-53720"
],
"database_specific": {
"cwe_ids": [
"CWE-122",
"CWE-1284",
"CWE-787"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-09T13:42:46Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\nThe argon2i_32 implementation does not check the nb_blocks size. If the caller does not provide a sufficiently large buffer based on the API contract, then argon2i_32 will write past the end of the buffer and possibly corrupt the heap.\n\n### Patches\nFixed in 4.0.2.8, which now verifies that nb_blocks is large enough. See [90ff5b1](https://github.com/jetperch/pymonocypher/commit/90ff5b13b13b5673c372e188f482d8c172e6ab86).\n\n### Workarounds\nProvide a correctly sized nb_blocks buffer.\n\npymonocypher thanks Haris (hextheshadow) for the vulnerability report, details, and recommended fix.",
"id": "GHSA-8f95-v3jq-cj86",
"modified": "2026-07-09T13:42:46Z",
"published": "2026-07-09T13:42:46Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/jetperch/pymonocypher/security/advisories/GHSA-8f95-v3jq-cj86"
},
{
"type": "WEB",
"url": "https://github.com/jetperch/pymonocypher/commit/90ff5b13b13b5673c372e188f482d8c172e6ab86"
},
{
"type": "PACKAGE",
"url": "https://github.com/jetperch/pymonocypher"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "pymonocypher: Potential heap buffer overflow on nb_blocks in argon2i_32 when provided buffer is too small"
}
PYSEC-2026-3000
Vulnerability from pysec - Published: 2026-07-13 15:46 - Updated: 2026-07-13 16:05Impact
The argon2i_32 implementation does not check the nb_blocks size. If the caller does not provide a sufficiently large buffer based on the API contract, then argon2i_32 will write past the end of the buffer and possibly corrupt the heap.
Patches
Fixed in 4.0.2.8, which now verifies that nb_blocks is large enough. See 90ff5b1.
Workarounds
Provide a correctly sized nb_blocks buffer.
pymonocypher thanks Haris (hextheshadow) for the vulnerability report, details, and recommended fix.
| Name | purl | pymonocypher | pkg:pypi/pymonocypher |
|---|
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pymonocypher",
"purl": "pkg:pypi/pymonocypher"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.2.8"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.1.1",
"0.1.2",
"0.1.3",
"0.1.4",
"3.1.0.0",
"3.1.3.0",
"3.1.3.1",
"3.1.3.2",
"3.1.3.3",
"3.1.3.4",
"3.1.3.5",
"3.1.3.6",
"4.0.2.1",
"4.0.2.2",
"4.0.2.3",
"4.0.2.4",
"4.0.2.5",
"4.0.2.6",
"4.0.2.7"
]
}
],
"aliases": [
"CVE-2026-53720",
"GHSA-8f95-v3jq-cj86"
],
"details": "### Impact\nThe argon2i_32 implementation does not check the nb_blocks size. If the caller does not provide a sufficiently large buffer based on the API contract, then argon2i_32 will write past the end of the buffer and possibly corrupt the heap.\n\n### Patches\nFixed in 4.0.2.8, which now verifies that nb_blocks is large enough. See [90ff5b1](https://github.com/jetperch/pymonocypher/commit/90ff5b13b13b5673c372e188f482d8c172e6ab86).\n\n### Workarounds\nProvide a correctly sized nb_blocks buffer.\n\npymonocypher thanks Haris (hextheshadow) for the vulnerability report, details, and recommended fix.",
"id": "PYSEC-2026-3000",
"modified": "2026-07-13T16:05:55.334297Z",
"published": "2026-07-13T15:46:30.235469Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/jetperch/pymonocypher/security/advisories/GHSA-8f95-v3jq-cj86"
},
{
"type": "WEB",
"url": "https://github.com/jetperch/pymonocypher/commit/90ff5b13b13b5673c372e188f482d8c172e6ab86"
},
{
"type": "PACKAGE",
"url": "https://github.com/jetperch/pymonocypher"
},
{
"type": "PACKAGE",
"url": "https://pypi.org/project/pymonocypher"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-8f95-v3jq-cj86"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53720"
}
],
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "pymonocypher: Potential heap buffer overflow on nb_blocks in argon2i_32 when provided buffer is too small"
}