certifi
certifi has 2 known security vulnerabilities in PyPI (Python). Upgrade to version 2024.7.4 or later to resolve all known issues. Data sourced from OSV, enriched with EPSS exploit probability and CISA KEV.
Recommended safe version: 2024.7.4
Upgrading to 2024.7.4 or later resolves all 2 known vulnerabilities in certifi. Run: pip install "certifi>=2024.7.4"
Is certifi in your project?
Check if you're affected and upgrade to 2024.7.4 to stay secure.
Vulnerabilities
2 unique vulnerabilities — sorted by severity. Click a CVE/GHSA ID for full details.
| CVE / GHSA | Severity | Affected | Fixed In |
|---|---|---|---|
| GHSA-248v-346w-9cwc Certifi removes GLOBALTRUST root certificate | LOW | 2021.10.8, 2021.5.30, 2022.12.7, 2022.5.18 (+11 more) | 2024.7.4 |
| PYSEC-2024-230 | CVSS_V3 | 2021.10.8, 2021.5.30, 2022.12.7, 2022.5.18 (+11 more) | bd8153872e9c6fc98f4023df9c2deaffea2fa463, bd8153872e9c6fc98f4023df9c2deaffea2fa463, 2024.7.4 |
About This Data
Vulnerability data for certifi is sourced from the Open Source Vulnerability (OSV) database, aggregating reports from GitHub Advisory Database, NIST NVD, and ecosystem-specific sources.
CVSS (Common Vulnerability Scoring System) scores reflect exploitability and impact. EPSS (Exploit Prediction Scoring System) scores indicate the probability of exploitation within the next 30 days. Vulnerabilities marked with are listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Check Your Dependencies
Scan your project to check if you're using a vulnerable version of certifi.