GHSA-425g-fjhq-5h92: openssl-encrypt silently skips schema validation when jsonschema library is not installed

March 31, 2026

In openssl_encrypt/modules/json_validator.py at lines 234-238, when the jsonschema library is not installed, all schema validation is silently skipped with only a print warning.

References

github.com/advisories/GHSA-425g-fjhq-5h92
github.com/jahlives/openssl_encrypt
github.com/jahlives/openssl_encrypt/commit/6e7f938dcb7928faf5fd12bb5559f6dae2944124
github.com/jahlives/openssl_encrypt/security/advisories/GHSA-425g-fjhq-5h92

Code Behaviors & Features

Detect and mitigate GHSA-425g-fjhq-5h92 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →