Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

openssl — Vulnerabilities & Security Advisories 104

All 104 CVE vulnerabilities found in openssl, with AI-generated Chinese analysis, references, and POCs.

This page aggregates security weaknesses related to OpenSSL, a widely used open-source cryptographic software library developed by the OpenSSL Project. It collects documented vulnerabilities affecting the OpenSSL toolkit, encompassing issues such as memory corruption, logic errors, and protocol implementation flaws, with data covering releases from version 0.9.8 through the latest 3.x series up to the present date. Here, you can track vendor advisories issued by the OpenSSL Security Team, understand the common weakness enumeration classifications for cryptographic failures, and look up a specific product's vulnerability history to assess patch availability and exposure windows. The repository serves as a centralized reference for security researchers and system administrators to identify risk patterns across different OpenSSL versions. By consolidating these records, the page facilitates a comprehensive view of how specific code paths have been compromised over time. Users can analyze the progression of security patches and correlate findings with industry-wide threat intelligence. This resource does not replace official vendor guidance but provides a structured historical context for OpenSSL security incidents. It is designed to aid in risk management decisions by highlighting recurring vulnerability types and their remediation status. All information presented is derived from public security advisories and CVE assignments, ensuring an accurate and transparent overview of the project's security landscape without speculative analysis or third-party interpretations.

Vendor: OpenSSL

CVE IDTitleCVSSSeverityPublished
CVE-2026-31790 Incorrect Failure Handling in RSA KEM RSASVE Encapsulation CWE-754 7.5AIHighAI2026-04-07
CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion CWE-787 9.8AICriticalAI2026-04-07
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo CWE-476 7.5AIHighAI2026-04-07
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo CWE-476 7.5AIHighAI2026-04-07
CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL CWE-476 7.5AIHighAI2026-04-07
CVE-2026-28387 Potential Use-after-free in DANE Client Code CWE-416 9.8AICriticalAI2026-04-07
CVE-2026-28386 Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support CWE-125 7.5AIHighAI2026-04-07
CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group CWE-757 5.3 -2026-03-13
CVE-2026-22796 ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function CWE-754 7.5AIHighAI2026-01-27
CVE-2026-22795 Missing ASN1_TYPE validation in PKCS#12 parsing CWE-754 7.5AIHighAI2026-01-27
CVE-2025-69420 Missing ASN1_TYPE validation in TS_RESP_verify_response() function CWE-754 6.2AIMediumAI2026-01-27
CVE-2025-69421 NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function CWE-476 6.5AIMediumAI2026-01-27
CVE-2025-69419 Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion CWE-787 7.8AIHighAI2026-01-27
CVE-2025-69418 Unauthenticated/unencrypted trailing bytes with low-level OCB function calls CWE-325 9.1AICriticalAI2026-01-27
CVE-2025-68160 Heap out-of-bounds write in BIO_f_linebuffer on short writes CWE-787 7.5AIHighAI2026-01-27
CVE-2025-66199 TLS 1.3 CompressedCertificate excessive memory allocation CWE-789 7.5AIHighAI2026-01-27
CVE-2025-15469 'openssl dgst' one-shot codepath silently truncates inputs >16MB CWE-347 9.1AICriticalAI2026-01-27
CVE-2025-15468 NULL dereference in SSL_CIPHER_find() function on unknown cipher ID CWE-476 7.5AIHighAI2026-01-27
CVE-2025-15467 Stack buffer overflow in CMS (Auth)EnvelopedData parsing CWE-787 9.8 -2026-01-27
CVE-2025-11187 Improper validation of PBMAC1 parameters in PKCS#12 MAC verification CWE-787 8.8AIHighAI2026-01-27
CVE-2025-9232 Out-of-bounds read in HTTP client no_proxy handling CWE-125 7.5AIHighAI2025-09-30
CVE-2025-9231 Timing side-channel in SM2 algorithm on 64 bit ARM CWE-385 5.9AIMediumAI2025-09-30
CVE-2025-9230 Out-of-bounds read & write in RFC 3211 KEK Unwrap CWE-125 9.1AICriticalAI2025-09-30
CVE-2023-53159 rust-openssl 安全漏洞 CWE-126 4.5 Medium2025-07-28
CVE-2025-4575 The x509 application adds trusted use instead of rejected use CWE-295 7.5AIHighAI2025-05-22
CVE-2024-12797 RFC7250 handshakes with unauthenticated servers don't abort as expected CWE-392 7.4 -2025-02-11
CVE-2024-13176 Timing side-channel in ECDSA signature computation CWE-385 4.7 -2025-01-20
CVE-2024-4741 Use After Free with SSL_free_buffers CWE-416 9.8 -2024-11-13
CVE-2024-9143 Low-level invalid GF(2^m) parameters lead to OOB memory access CWE-125 9.8 -2024-10-16
CVE-2024-6119 Possible denial of service in X.509 name checks CWE-843 7.5AIHighAI2024-09-03

All 104 known CVE vulnerabilities affecting openssl with full Chinese analysis, references, and POCs where available.