GHSA-vfgx-5q85-58q3: openssl-encrypt has non-cryptographic PRNG used for steganography pixel selection
The generate_pseudorandom_sequence() function in openssl_encrypt/plugins/steganography/core/utils.py at lines 89-91 uses Python’s random module (Mersenne Twister) for steganographic pixel/sample selection.
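The flagged pattern next to one possible keyed replacement, as an added example (not the project's code and not its actual fix). The names mt_positions, keyed_positions and LABEL are hypothetical, and the key is assumed to be 32 bytes of output from a password KDF.

```python
import hashlib
import hmac
import random

LABEL = b"stego-positions-v1"  # constructed domain-separation label


def mt_positions(seed: int, total: int, count: int) -> list[int]:
    """Flagged pattern (hypothetical stand-in): Mersenne Twister selects positions.
    Python's docs mark `random` as unsuitable for security purposes."""
    return random.Random(seed).sample(range(total), count)


def _uint32_stream(key: bytes):
    """32-bit words from HMAC-SHA256 in counter mode; unpredictable without key."""
    counter = 0
    while True:
        block = hmac.new(key, LABEL + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        for i in range(0, len(block), 4):
            yield int.from_bytes(block[i:i + 4], "big")
        counter += 1


def _below(stream, bound: int) -> int:
    """Unbiased integer in [0, bound) via rejection sampling (no modulo bias)."""
    limit = (1 << 32) - ((1 << 32) % bound)
    while True:
        value = next(stream)
        if value < limit:
            return value % bound


def keyed_positions(key: bytes, total: int, count: int) -> list[int]:
    """Hardened variant (assumed design): `count` distinct positions in [0, total)."""
    if len(key) < 32:
        raise ValueError("key must be at least 32 bytes of KDF output")
    if not 0 <= count <= total <= 1 << 32:
        raise ValueError("need 0 <= count <= total <= 2**32")
    stream, moved, picked = _uint32_stream(key), {}, []
    for i in range(count):  # sparse Fisher-Yates: only touched slots are stored
        j = i + _below(stream, total - i)
        picked.append(moved.get(j, j))
        moved[j] = moved.get(i, i)
    return picked


if __name__ == "__main__":
    demo_key = hashlib.pbkdf2_hmac("sha256", b"constructed passphrase", b"constructed salt", 100_000)
    print(keyed_positions(demo_key, 640 * 480, 8))
```

Embedding and extraction must both use the same key and label, since the selected positions are a deterministic function of the two.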