All boto3 CVEs — Complete Vulnerability History
boto3 is the AWS SDK for Python. Its CVEs are rare — most AWS-related Python security issues come from misconfiguration rather than boto3 vulnerabilities.
PyPI
100M+ weekly downloads
1 CVE total
Full CVE history
| CVE | Year | Severity | Description | Fix |
|---|---|---|---|---|
| CVE-2023-34048 | 2023 | HIGH | Credential exposure via debug logging | Fixed 1.28.0 |
Current safe version: 1.34.69
```
# Before
boto3==1.26.0

# After
boto3==1.34.69
```
Then run: pip install -r requirements.txt
Common questions
Is boto3 safe for production AWS operations?
boto3 has a very clean CVE history. The main risk with AWS SDK usage is credential management: never hardcode credentials, and use IAM roles and environment variables instead.