Is paramiko safe to use?

paramiko has 1 known vulnerabilities on the latest version (4.0.0). DepScope rates its health at 74/100 (moderate risk).

What is the latest version of paramiko?

The latest version of paramiko is 4.0.0, released 2025-08-04.

Does paramiko have known vulnerabilities?

Yes. paramiko has 1 known vulnerabilities. See depscope.dev/pkg/pypi/paramiko for details.

Is paramiko deprecated?

No, paramiko is actively maintained. Latest release: 4.0.0 (2025-08-04).

What are alternatives to paramiko?

Popular alternatives to paramiko in PyPI include: boto3, boto3/, packaging, urllib3/, certifi.

What license does paramiko use?

paramiko is licensed under LGPL-2.1.

paramiko

pypiv4.0.0

SSH2 protocol library

License LGPL-2.1weak copyleft142 versions7 deps34,131,362 weekly dl

paramiko/paramiko

/ 100

Health

safe to use

[email protected] is safe to use (health: 74/100)

Update to >= 0.0.0-20231218163308-9d2ee975ef9f to fix known vulnerabilities

Health breakdown0 – 100

10/25

maintenance

20/20

popularity

23/25

security

15/15

maturity

6/15

community

Vulnerabilities

1 medium

Advisories (1)

Severity	ID	Summary	Fixed in
medium	CVE-2023-48795	Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin	0.0.0-20231218163308-9d2ee975ef9f

Threat intelligence

1 likely exploited (EPSS ≥ 0.5)

Threat tier per vulnerability derived from CISA KEV catalog + FIRST.org EPSS scores.

OSS Scorecard

OpenSSF security posture score

4.2/10

weak

Maintainer trust

Active maintainers (3m)

1

Contributors (12m)

1

Primary author dominance

100%

GitHub stars

9,730

single active maintainer 3msingle author dominance

Health History

Dependency Tree

License Audit

Dependencies (7)

bcrypt cryptography invoke pynacl pyasn1 gssapi pywin32

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/pypi/paramiko