pkg:PyPI/keylime

15 total CVEs: CRITICAL 4, HIGH 3, MEDIUM 6, LOW 2

All known vulnerabilities

  • CRITICAL 9.4 CVE-2026-1709: Keylime Missing Authentication for Critical Function and Improper Authentication
    >= 7.12.0, < 7.12.2
  • CRITICAL 9.4 CVE-2026-1709: Keylime Missing Authentication for Critical Function and Improper Authentication
    from 0, < 7.12.0
  • CRITICAL 9.1 CVE-2022-1053: Tenant and Verifier might not use the same registrar data
    from 0, < bd5de712acdd77860e7dc58969181e16c7a8dc5d | from 0, < 6.4.0
  • CRITICAL 9.1 CVE-2022-1053: Tenant and Verifier might not use the same registrar data
    from 0, < 6.4.0
  • HIGH 8.2 CVE-2025-13609: Keylime allows users to register new agents by recycling existing UUIDs when using different TPM devices
    from 0, < 7.13.0
  • HIGH 8.2 CVE-2025-13609: Keylime allows users to register new agents by recycling existing UUIDs when using different TPM devices
  • HIGH 7.5 CVE-2023-38200: Keylime's registrar vulnerable to Denial-of-service attack via a single open connection
    from 0, < 7.4.0
  • MEDIUM 6.5 CVE-2023-38201: Keylime registrar and (untrusted) Agent can be bypassed by an attacker
    from 0, < 7.5.0
  • MEDIUM 6.5 CVE-2023-38201: Keylime registrar and (untrusted) Agent can be bypassed by an attacker
    from 0, < 9e5ac9f25cd400b16d5969f531cee28290543f2a | from 0, < 7.5.0
  • MEDIUM 6.3 CVE-2026-6420: Keylime has a hardcoded attestation challenge nonce that allows replay attacks
    >= 7.14.0, < 7.14.2
  • MEDIUM 5.1 CVE-2022-3500: Keylime: unhandled exceptions could lead to invalid attestation states
    from 0, < 6.5.1
  • MEDIUM 5.1 CVE-2022-3500: Keylime: unhandled exceptions could lead to invalid attestation states
    from 0, < 6.5.1
  • MEDIUM 4.3 CVE-2025-1057: Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0
    >= 7.12.0, < 7.12.1
  • LOW 2.3 CVE-2023-3674: keylime fails to flag device as untrusted when signature does not validate
    from 0, < 95ce3d86bd2c53009108ffda2dcf553312d733db | from 0, < 7.2.5
  • LOW 2.3 CVE-2023-3674: keylime fails to flag device as untrusted when signature does not validate
    from 0, < 7.2.5