Python/paramiko/2.0.8
SSH2 protocol library
https://pypi.org/project/paramiko
LGPL-3.0-or-later
2 Security Vulnerabilities
Paramiko Authentication Bypass vulnerability
Published date: 2018-10-10T16:10:10Z
CVE: CVE-2018-1000805
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000805
- https://github.com/advisories/GHSA-f2j6-wrhh-v25m
- https://github.com/paramiko/paramiko/issues/1283
- https://access.redhat.com/errata/RHBA-2018:3497
- https://access.redhat.com/errata/RHSA-2018:3347
- https://access.redhat.com/errata/RHSA-2018:3406
- https://access.redhat.com/errata/RHSA-2018:3505
- https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt
- https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
- https://usn.ubuntu.com/3796-1/
- https://usn.ubuntu.com/3796-2/
- https://usn.ubuntu.com/3796-3/
- https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html
- https://github.com/pypa/advisory-database/tree/main/vulns/paramiko/PYSEC-2018-69.yaml
- https://usn.ubuntu.com/3796-1
- https://usn.ubuntu.com/3796-2
- https://usn.ubuntu.com/3796-3
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
Affected versions: ["1.10.1", "1.10.5", "1.16.1", "1.17.6", "1.5.2", "2.0.1", "2.0.4", "1.10.0", "1.10.7", "1.13.1", "1.18.2", "1.18.3", "1.5.4", "1.7", "1.7.2", "1.10.3", "1.11.0", "1.14.2", "1.17.2", "1.7.1", "1.7.5", "1.10.6", "1.11.1", "1.12.2", "1.14.0", "1.15.0", "1.15.3", "1.17.0", "1.17.1", "1.17.3", "1.6.3", "1.7.7.1", "2.0.6", "2.0.7", "2.0.8", "1.10.2", "1.10.4", "1.15.1", "1.15.4", "1.17.5", "1.18.1", "1.18.4", "1.8.1", "2.0.0", "1.12.0", "1.15.2", "1.16.2", "1.18.0", "1.5.1", "1.6.1", "2.0.5", "1.11.3", "1.11.4", "1.12.1", "1.13.4", "1.17.4", "1.18.5", "1.6.2", "1.6.4", "1.7.6", "1.8.0", "1.9.0", "2.0.3", "1.11.2", "1.11.5", "1.11.6", "1.12.3", "1.12.4", "1.13.0", "1.13.2", "1.13.3", "1.14.1", "1.14.3", "1.15.5", "1.16.0", "1.16.3", "1.6", "1.7.4", "1.7.7.2", "2.0.2", "2.1.5", "2.1.2", "2.1.4", "2.1.3", "2.1.0", "2.1.1", "2.2.0", "2.2.3", "2.2.2", "2.2.1", "2.3.1", "2.3.0", "2.3.2", "2.4.0", "2.4.1"]
Secure versions: [5.0.0]
Recommendation: Update to version 5.0.0.
Paramiko rsakey.py allows the SHA-1 algorithm
Published date: 2026-05-06T00:31:33Z
CVE: CVE-2026-44405
Links:
In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.
Affected versions: ["1.10.1", "1.10.5", "1.16.1", "1.17.6", "1.5.2", "2.0.1", "2.0.4", "1.10.0", "1.10.7", "1.13.1", "1.18.2", "1.18.3", "1.5.4", "1.7", "1.7.2", "0.1-bulbasaur", "0.9-doduo", "0.9-fearow", "1.10.3", "1.11.0", "1.14.2", "1.17.2", "1.3.1", "1.7.1", "1.7.5", "0.9-horsea", "1.1", "1.10.6", "1.11.1", "1.12.2", "1.14.0", "1.15.0", "1.15.3", "1.17.0", "1.17.1", "1.17.3", "1.3", "1.6.3", "1.7.7.1", "2.0.6", "2.0.7", "2.0.8", "0.1-charmander", "0.9-eevee", "1.0", "1.10.2", "1.10.4", "1.15.1", "1.15.4", "1.17.5", "1.18.1", "1.18.4", "1.8.1", "2.0.0", "2.1.5", "2.1.6", "2.4.3", "2.5.1", "2.1.2", "2.1.4", "2.2.0", "2.2.4", "2.3.3", "0.9-gyarados", "1.12.0", "1.15.2", "1.16.2", "1.18.0", "1.4", "1.5.1", "1.6.1", "2.0.5", "2.1.3", "2.3.1", "2.5.0", "2.2.3", "2.6.0", "1.11.3", "1.11.4", "1.12.1", "1.13.4", "1.17.4", "1.18.5", "1.2", "1.6.2", "1.6.4", "1.7.6", "1.8.0", "1.9.0", "2.0.3", "2.0.9", "2.1.0", "2.3.0", "2.4.2", "2.7.1", "2.1.1", "2.2.2", "2.4.0", "2.7.2", "0.9-ivysaur", "1.11.2", "1.11.5", "1.11.6", "1.12.3", "1.12.4", "1.13.0", "1.13.2", "1.13.3", "1.14.1", "1.14.3", "1.15.5", "1.16.0", "1.16.3", "1.6", "1.7.4", "1.7.7.2", "2.0.2", "2.4.1", "2.7.0", "2.2.1", "2.3.2", "2.8.0", "2.8.1", "2.9.0", "2.9.1", "2.9.2", "2.10.0", "2.10.1", "2.10.2", "2.10.3", "2.9.3", "2.10.4", "2.9.4", "2.10.5", "2.11.0", "2.9.5", "2.10.6", "2.12.0", "2.11.1", "3.0.0", "3.1.0", "3.2.0", "3.3.1", "3.3.0", "3.4.0", "3.4.1", "3.3.2", "3.5.0", "3.5.1", "4.0.0"]
Secure versions: [5.0.0]
Recommendation: Update to version 5.0.0.
151 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 1.12.2 | LGPL-3.0-or-later | 3 | 2014-02-14 - 18:06 | over 12 years |
| 1.12.1 | LGPL-3.0-or-later | 3 | 2014-01-09 - 00:45 | over 12 years |
| 1.12.0 | LGPL-3.0-or-later | 3 | 2013-09-28 - 05:06 | over 12 years |
| 1.11.6 | LGPL-3.0-or-later | 3 | 2014-05-07 - 21:34 | about 12 years |
| 1.11.5 | LGPL-3.0-or-later | 3 | 2014-03-14 - 04:28 | over 12 years |
| 1.11.4 | LGPL-3.0-or-later | 3 | 2014-02-14 - 18:06 | over 12 years |
| 1.11.3 | LGPL-3.0-or-later | 3 | 2014-01-09 - 00:42 | over 12 years |
| 1.11.2 | LGPL-3.0-or-later | 3 | 2013-09-28 - 05:06 | over 12 years |
| 1.11.1 | LGPL-3.0-or-later | 3 | 2013-09-21 - 01:02 | over 12 years |
| 1.11.0 | LGPL-3.0-or-later | 3 | 2013-07-26 - 22:08 | almost 13 years |
| 1.10.7 | LGPL-3.0-or-later | 3 | 2014-03-14 - 04:26 | over 12 years |
| 1.10.6 | LGPL-3.0-or-later | 3 | 2014-02-14 - 18:06 | over 12 years |
| 1.10.5 | LGPL-3.0-or-later | 3 | 2014-01-09 - 00:42 | over 12 years |
| 1.10.4 | LGPL-3.0-or-later | 3 | 2013-09-28 - 05:04 | over 12 years |
| 1.10.3 | LGPL-3.0-or-later | 3 | 2013-09-21 - 00:56 | over 12 years |
| 1.10.2 | LGPL-3.0-or-later | 3 | 2013-07-26 - 22:08 | almost 13 years |
| 1.10.1 | LGPL-3.0-or-later | 3 | 2013-04-05 - 20:04 | about 13 years |
| 1.10.0 | LGPL-3.0-or-later | 3 | 2013-03-01 - 22:58 | over 13 years |
| 1.9.0 | LGPL-3.0-or-later | 3 | 2012-11-06 - 22:53 | over 13 years |
| 1.8.1 | LGPL-3.0-or-later | 3 | 2012-11-06 - 21:57 | over 13 years |
| 1.8.0 | LGPL-3.0-or-later | 3 | 2012-10-03 - 00:08 | over 13 years |
| 1.7.7.2 | LGPL-3.0-or-later | 3 | 2012-05-17 - 01:34 | about 14 years |
| 1.7.7.1 | LGPL-3.0-or-later | 3 | 2011-05-23 - 23:24 | about 15 years |
| 1.7.6 | LGPL-3.0-or-later | 3 | 2010-10-27 - 03:00 | over 15 years |
| 1.7.5 | LGPL-3.0-or-later | 3 | 2012-09-26 - 22:51 | over 13 years |
| 1.7.4 | LGPL-3.0-or-later | 3 | 2012-09-30 - 21:10 | over 13 years |
| 1.7.2 | LGPL-3.0-or-later | 3 | 2012-09-26 - 22:50 | over 13 years |
| 1.7.1 | LGPL-3.0-or-later | 4 | 2012-09-26 - 22:50 | over 13 years |
| 1.7 | LGPL-3.0-or-later | 4 | 2012-09-26 - 22:49 | over 13 years |
| 1.6.4 | LGPL-3.0-or-later | 4 | 2012-09-26 - 22:48 | over 13 years |
| 1.6.3 | LGPL-3.0-or-later | 4 | 2012-09-26 - 22:48 | over 13 years |
| 1.6.2 | LGPL-3.0-or-later | 4 | 2012-09-26 - 22:47 | over 13 years |
| 1.6.1 | LGPL-3.0-or-later | 4 | 2012-09-26 - 22:47 | over 13 years |
| 1.6 | LGPL-3.0-or-later | 4 | 2012-09-26 - 22:46 | over 13 years |
| 1.5.4 | LGPL-3.0-or-later | 4 | 2012-09-26 - 22:46 | over 13 years |
| 1.5.2 | LGPL-3.0-or-later | 4 | 2012-09-26 - 22:45 | over 13 years |
| 1.5.1 | LGPL-3.0-or-later | 4 | 2012-09-26 - 22:44 | over 13 years |
| 1.4 | LGPL-3.0-or-later | 3 | 2012-09-26 - 22:43 | over 13 years |
| 1.3.1 | LGPL-3.0-or-later | 3 | 2012-09-26 - 22:42 | over 13 years |
| 1.3 | LGPL-3.0-or-later | 3 | 2012-09-26 - 22:42 | over 13 years |
| 1.2 | LGPL-3.0-or-later | 3 | 2012-09-26 - 22:41 | over 13 years |
| 1.1 | LGPL-3.0-or-later | 3 | 2012-09-26 - 22:40 | over 13 years |
| 1.0 | LGPL-3.0-or-later | 3 | 2012-09-26 - 22:39 | over 13 years |
| 0.1-bulbasaur | LGPL-3.0-or-later | 3 | 2012-09-26 - 22:31 | over 13 years |
| 0.9-doduo | LGPL-3.0-or-later | 3 | 2012-09-26 - 22:33 | over 13 years |
| 0.9-fearow | LGPL-3.0-or-later | 3 | 2012-09-26 - 22:35 | over 13 years |
| 0.9-horsea | LGPL-3.0-or-later | 3 | 2012-09-26 - 22:38 | over 13 years |
| 0.1-charmander | LGPL-3.0-or-later | 3 | 2012-09-26 - 22:33 | over 13 years |
| 0.9-eevee | LGPL-3.0-or-later | 3 | 2012-09-26 - 22:35 | over 13 years |
| 0.9-gyarados | LGPL-3.0-or-later | 3 | 2012-09-26 - 22:36 | over 13 years |