GHSA-h3m5-p59h-x88p: openssl-encrypt has visible password in process list via --password CLI argument
Passwords passed via the --password / -p CLI argument in openssl_encrypt/modules/crypt_cli_subparser.py at lines 150-154 are visible to any user on the system via ps aux or /proc/[pid]/cmdline.
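An audit check for this exposure, as an added example that is not part of the advisory or of the openssl-encrypt code base: it parses the NUL-separated bytes of /proc/[pid]/cmdline, reports which argv positions carry a password given via --password or -p, and returns a redacted copy that is safe to log. The sample command line, the tool name crypt-tool and all function names are constructed for illustration.

```python
"""Audit a /proc/[pid]/cmdline buffer for passwords passed as CLI arguments."""

# Flags named in the advisory. The matching rules below are an assumption
# about argparse-style parsing, not taken from the project's source.
PASSWORD_FLAGS = ("--password", "-p")

# Constructed sample: what /proc/[pid]/cmdline holds for a hypothetical run.
SAMPLE = b"crypt-tool\0encrypt\0--password\0Example-Pass-1\0--input\0notes.txt\0"


def split_cmdline(raw: bytes) -> list[str]:
    """Split the NUL-separated content of /proc/[pid]/cmdline into argv."""
    if raw.endswith(b"\0"):
        raw = raw[:-1]  # the kernel terminates the last argument with NUL
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0")] if raw else []


def exposed_indexes(argv: list[str]) -> list[int]:
    """Return the argv positions that hold a password value."""
    hits, i = [], 0
    while i < len(argv) and argv[i] != "--":  # after "--" all args are positional
        if argv[i] in PASSWORD_FLAGS and i + 1 < len(argv):
            hits.append(i + 1)  # "--password VALUE" or "-p VALUE"
            i += 1              # skip the value so it is not re-parsed as a flag
        elif argv[i].startswith("--password="):
            hits.append(i)      # "--password=VALUE"
        i += 1
    return hits


def redact(argv: list[str]) -> list[str]:
    """Copy argv with every exposed password replaced, for logs and tickets."""
    hits = set(exposed_indexes(argv))
    out = []
    for i, arg in enumerate(argv):
        if i not in hits:
            out.append(arg)
        elif arg.startswith("--password="):
            out.append("--password=<redacted>")
        else:
            out.append("<redacted>")
    return out


if __name__ == "__main__":
    argv = split_cmdline(SAMPLE)
    print("exposed argv positions:", exposed_indexes(argv))
    print("safe to log:", " ".join(redact(argv)))
```

The same functions can be pointed at /proc/self/cmdline inside a wrapper script to fail a job that was started with a password on its command line.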