PyPI: pynitrokey

CVE-2023-23931

Safety vulnerability ID: SFTY-20230207-26454

Safety legacy ID: pyup.io-64461

Pynitrokey 0.4.39 upgrades its cryptography dependency, moving from version range >=3.4.4,<37 to a new range of >=39.0.1,<39.1. This update addresses the security vulnerability identified in CVE-2023-23931.

PythonPyPINVDNVD
Created at: May 21, 2026Updated at: May 21, 2026

Overview

Pynitrokey 0.4.39 upgrades its cryptography dependency, moving from version range >=3.4.4,<37 to a new range of >=39.0.1,<39.1. This update addresses the security vulnerability identified in CVE-2023-23931.

Advisory

Pynitrokey 0.4.39 upgrades its cryptography dependency, moving from version range >=3.4.4,<37 to a new range of >=39.0.1,<39.1. This update addresses the security vulnerability identified in CVE-2023-23931.

Affected Package

Affecting pynitrokey package, versions
<0.4.39

Also affects

---

How to Fix

Upgrade
pynitrokey
to
0.4.39
or higher.

Mitigation and Workarounds

---

Vulnerable Functions

Functions linked to known vulnerabilities.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.

References

Safety

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.

Learn more