lialon
### Description: In the "certgrinder/server/certgrinderd/certgrinderd.py", I have identified a security vulnerability about an insecure cryptographic algorithm. PKCS1v1.5 is vulnerable to the chosen-ciphertext attack. ### Location: https://github.com/tykling/certgrinder/blob/main/server/certgrinderd/certgrinderd.py#L985 ```python padding=primitives.asymmetric.padding.PKCS1v15(), ``` ### Reference...
### Description: In the "bilingual_book_maker/book_maker/obok.py", I have identified a security vulnerability about an insecure block cipher mode. Using ECB mode in symmetric cryptography may cause a security vulnerability due to its predictability...
### Description: In the "Text-steganography/AES.py", I have identified a security vulnerability about a hardcoded salt. And do not use a hardcoded/static salt in the PBKDF, which would make the output easy to predict....
### Description: In the "django-virtual-pos/djangovirtualpos/models.py", I have identified a security vulnerability about insecure cryptographic algorithm usage and a static IV. CBC with a fixed or hardcoded IV is vulnerable to the chosen-ciphertext...
### Description: In the "python-cwt/samples/eudcc/swedish_verifier.py" and "python-cwt/cwt/algs/rsa.py", I have identified security vulnerabilities about an insecure cryptographic algorithm and insecure verification. PKCS1v1.5 is vulnerable to the chosen-ciphertext attack. And bypassing JWT verification...
### Description: In the "LaZagne/Mac/lazagne/softwares/browsers/chrome.py", I have identified a security vulnerability about a hardcoded salt. And do not use a hardcoded/static salt in the PBKDF, which would make the output easy to predict....
### Description: In the "tflearn/examples/nlp/lstm_generator_cityname.py", I have identified a security vulnerability about insecure SSL/TLS verification and configuration. Bypassing certificate verification or accepting all host names is considered insecure. "ssl._create_unverified_context()" shouldn't...
### Description: In the "Mailpile/packages/windows-wix/provide/cache.py", I have identified a security vulnerability about insecure SSL/TLS verification and configuration. Bypassing certificate verification or accepting all host names is considered insecure. "ssl._create_unverified_context()" shouldn't...
### Description: In the "haipproxy/examples/zhihu/crawler.py", I have identified a security vulnerability about insecure verification. Bypassing certificate verification or accepting all host names is considered insecure. ### Location: https://github.com/SpiderClub/haipproxy/blob/master/examples/zhihu/crawler.py#L64 ```python resp...
### Description: In the "python-binance/binance/client.py", I have identified a security vulnerability about an insecure cryptographic algorithm. PKCS1v1.5 is vulnerable to the chosen-ciphertext attack. ### Location: https://github.com/sammchardy/python-binance/blob/master/binance/client.py#L255 ```python signature = pkcs1_15.new(self.PRIVATE_KEY).sign(h) ```...