aws-encryption-sdk
PyPI
2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting aws-encryption-sdk
- CVE-2020-8897 | MEDIUM | CVSS 4.8 | EG 4.8 | ✓ Fixed in 2.0.0 | 2020-11-16
vulnerable: 1.2.0 ... 1.10.1 (17 versions)
A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and JavaScript prior to versions 2.0.0. Due to the non-committing property of AES-GCM (and other AEAD ciphers such as AES-GCM-SIV or (X)ChaCha20Poly1305)…
- CVE-2026-6550 | MEDIUM | CVSS 4.7 | EG 4.7 | ✓ Fixed in 4.0.5 | 2026-04-20
vulnerable: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4
Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a…