Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

OpenSIPS — Vulnerabilities & Security Advisories 12

Browse all 12 CVE security advisories affecting OpenSIPS. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OpenSIPS serves as a robust open-source SIP server for VoIP, real-time communications, and telephony infrastructure. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from input validation flaws and improper access controls. The project maintains a security-focused development approach with regular updates and a CVE disclosure process. While no major security incidents have been widely documented, the 12 recorded CVEs highlight potential risks in deployment environments requiring strict hardening and monitoring. Its modular architecture allows for security enhancements through custom configurations, though administrators must remain vigilant against emerging threats in complex communication networks.

Top products by OpenSIPS: opensips
CVE IDTitleCVSSSeverityPublished
CVE-2026-25554 OpenSIPS 3.1 <= 3.6.4 auth_jwt SQL Injection Enables JWT Authentication Bypass — OpenSIPSCWE-89 6.5 Medium2026-02-25
CVE-2023-28099 OpenSIPS has vulnerability in the ds_is_in_list() function — opensipsCWE-20 5.9 Medium2023-03-15
CVE-2023-28098 OpenSIPS has vulnerability in the Digest Authentication Parser — opensipsCWE-20 5.9 Medium2023-03-15
CVE-2023-28097 OpenSIPS has vulnerability in the Content-Length Parser — opensipsCWE-190 7.5 High2023-03-15
CVE-2023-28096 OpenSIPS has memory leak in cJSON lib — opensipsCWE-401 4.5 Medium2023-03-15
CVE-2023-28095 OpenSIPS has vulnerability in the building the local negative replies — opensipsCWE-20 7.5 High2023-03-15
CVE-2023-27601 OpenSIPS has vulnerability in the codec_delete_XX() functions — opensipsCWE-20 7.5 High2023-03-15
CVE-2023-27600 OpenSIPS has vulnerability in the codec_delete_XX() functions — opensipsCWE-20 7.5 High2023-03-15
CVE-2023-27599 OpenSIPS has vulnerability in the parse_to_param() function — opensipsCWE-20 7.5 High2023-03-15
CVE-2023-27598 OpenSIPS has vulnerability in the parse_via() function — opensipsCWE-908 7.5 High2023-03-15
CVE-2023-27597 OpenSIPS has vulnerability in the parse_uri() function — opensipsCWE-20 7.5 High2023-03-15
CVE-2023-27596 OpenSIPS has vulnerability in the codec_delete_XX() functions — opensipsCWE-770 7.5 High2023-03-15

This page lists every published CVE security advisory associated with OpenSIPS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.