
OpenSSL — Vulnerabilities & Security Advisories (122)

All 122 CVE vulnerabilities found in OpenSSL, with AI-generated Chinese analysis, references, and POCs.

This page aggregates known vulnerabilities and weaknesses associated with the OpenSSL cryptography toolkit, covering diverse weakness types and associated security tags. It collects data on critical flaws, ranging from buffer overflows and memory corruption issues to logic errors and protocol implementation defects, encompassing reports published over the last ten years. By reviewing this curated collection, users can systematically track a vendor's security advisories as they are released, gain a deeper understanding of a specific weakness class through its manifestation in this widely used software, and inspect a product's comprehensive vulnerability history to identify recurring patterns or legacy risks. The OpenSSL library is foundational to many internet services, making its security posture a high priority for developers, system administrators, and security researchers. This resource provides a centralized view of past incidents, helping stakeholders assess the impact of historical bugs and evaluate the current risk landscape. The entries include details on severity, affected versions, and mitigation strategies where available, offering a structured approach to analyzing the software's security track record. This information is essential for conducting risk assessments, planning patch management cycles, and ensuring compliance with security standards. Understanding the context of these vulnerabilities aids in making informed decisions about software usage and upgrade paths, ultimately contributing to a more secure digital infrastructure.

Vendor: OpenSSL

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-45447 | Heap Use-After-Free in the PKCS7_verify() Function | CWE-416 | - | - | 2026-06-09 |
| CVE-2026-45446 | Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes | CWE-325 | - | - | 2026-06-09 |
| CVE-2026-45445 | AES-OCB IV Ignored on EVP_Cipher() Path | CWE-325 | - | - | 2026-06-09 |
| CVE-2026-42771 | Possible Out of Bounds Read in X509_VERIFY_PARAM_set1_email() | CWE-125 | - | - | 2026-06-09 |
| CVE-2026-42770 | FFC-DH Peer Validation Uses Attacker-Supplied q | CWE-325 | - | - | 2026-06-09 |
| CVE-2026-42769 | Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate | CWE-295 | - | - | 2026-06-09 |
| CVE-2026-42768 | Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt() | CWE-514 | - | - | 2026-06-09 |
| CVE-2026-42767 | NULL Pointer Dereference in CRMF EncryptedValue Decryption | CWE-476 | - | - | 2026-06-09 |
| CVE-2026-42766 | Possible NULL Dereference in Password-Based CMS Decryption | CWE-476 | - | - | 2026-06-09 |
| CVE-2026-42765 | NULL Dereference in Certificate Verification with OCSP Checking | CWE-476 | - | - | 2026-06-09 |
| CVE-2026-42764 | NULL Pointer Dereference in QUIC Server Initial Packet Handling | CWE-476 | - | - | 2026-06-09 |
| CVE-2026-34183 | Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler | CWE-1325 | - | - | 2026-06-09 |
| CVE-2026-35188 | Double-free When Checking OCSP Stapled Response | CWE-415 | - | - | 2026-06-09 |
| CVE-2026-34182 | CMS AuthEnvelopedData Processing May Accept Forged Messages | CWE-354 | - | - | 2026-06-09 |
| CVE-2026-34181 | PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys | CWE-354 | - | - | 2026-06-09 |
| CVE-2026-34180 | Heap Buffer Over-read in ASN.1 Content Parsing | CWE-125 | - | - | 2026-06-09 |
| CVE-2026-9076 | Out-of-Bounds Read in CMS Password-Based Decryption | CWE-125 | - | - | 2026-06-09 |
| CVE-2026-7383 | Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion | CWE-787 | - | - | 2026-06-09 |
| CVE-2026-31790 | Incorrect Failure Handling in RSA KEM RSASVE Encapsulation | CWE-754 | 7.5 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-31789 | Heap Buffer Overflow in Hexadecimal Conversion | CWE-787 | 9.8 (AI) | Critical (AI) | 2026-04-07 |
| CVE-2026-28390 | Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo | CWE-476 | 7.5 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-28389 | Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo | CWE-476 | 7.5 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-28388 | NULL Pointer Dereference When Processing a Delta CRL | CWE-476 | 7.5 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-28387 | Potential Use-after-free in DANE Client Code | CWE-416 | 9.8 (AI) | Critical (AI) | 2026-04-07 |
| CVE-2026-28386 | Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support | CWE-125 | 7.5 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-2673 | OpenSSL TLS 1.3 server may choose unexpected key agreement group | CWE-757 | 5.3 | - | 2026-03-13 |
| CVE-2026-22796 | ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function | CWE-754 | 7.5 (AI) | High (AI) | 2026-01-27 |
| CVE-2026-22795 | Missing ASN1_TYPE validation in PKCS#12 parsing | CWE-754 | 7.5 (AI) | High (AI) | 2026-01-27 |
| CVE-2025-69421 | NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function | CWE-476 | 6.5 (AI) | Medium (AI) | 2026-01-27 |
| CVE-2025-69420 | Missing ASN1_TYPE validation in TS_RESP_verify_response() function | CWE-754 | 6.2 (AI) | Medium (AI) | 2026-01-27 |
