cbor2
PyPI · 2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting cbor2
- CVE-2024-26134 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 5.6.2 · 2024-02-19
vulnerable: 5.5.1, 5.6.0, 5.6.1
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR bin…
- CVE-2025-68131 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 5.8.0 · 2025-12-31
vulnerable: 3.0.0 ... 5.7.1 (36 versions)
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, when a CBORDecoder instance is reused across multiple decode operations, …