Homepage

certifi@14.05.14 vulnerabilities

Python package for providing Mozilla's CA Bundle.

  • latest version

    2025.1.31

  • latest non vulnerable version

    2025.1.31

  • first published

    13 years ago

  • latest version published

    2 months ago

  • licenses detected

    • ISC
      [0,2017.7.27.1)
  • View certifi package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the certifi package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Insufficient Verification of Data Authenticity

    Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity resulting in Certifi root certificate removal from TrustCor. The root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware.

    How to fix Insufficient Verification of Data Authenticity?

    Upgrade certifi to version 2022.12.7 or higher.

    [,2022.12.7)
    • M
    Improper Certificate Validation

    certifi is a Python package for providing Mozilla's CA Bundle.

    Affected versions of this package are vulnerable to Improper Certificate Validation due to not rejecting the deprecated 1024-bit certificates, and only giving a warning.

    [,2017.4.17)
    Go back to all versions of this package