Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
openssl Number Of NVD 271 CRITICAL 16 HIGH 87 MEDIUM 152 LOW 16
URL https://www.openssl.org/
Explanation OpenSSLはSSLプロトコル・TLSプロトコルの、オープンソースで開発・提供されるソフトウェアです。

Version3からはApache2.0 Licenseでそれ以前のバージョンは「OpenSSL License」と「SSLeay license」 のダブルライセンスです。
サポート切れになった特定バージョン(1.0.2)は費用がかかりますが、Securityアップデートを受けるプランがあります。

LinuxなどUnix系OSでは標準でインストールされており、OSのアップデートなどで自動的に新しいバージョンに更新される事が殆どです。
古いバージョンのOSではサポートが終了したOpenSSLしか使用できないなど、セキュリティの問題が発生する場合があります。
Tag
  • Original SSLeay License
  • オープンソース
  • 商用ライセンス有り
  • Apache License v2.0
  • OpenSSL License

Add Information URL
No Type Name URL
1 リリースに関する説明とサポート終了バージョンについて https://www.openssl.org/policies/releasestrat.html
2 opensslのGit https://github.com/openssl/openssl
3 脆弱性情報のページ https://www.openssl.org/news/vulnerabilities.html
4 サポート契約 https://www.openssl.org/support/contracts.html

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
1 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 20 25 2
2 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
3 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 35 64 10
4 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
5 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
6 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
7 openssl a.00(LTS) a.00.09.07l 0 0 0 0
8 openssl 3 3.6.3 June 9, 2026 4 26 19 1
9 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
10 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
1 7.5
-
HIGH
Network
Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in… CWE-125
Out-of-bounds Read
CVE-2026-9076 cpe:2.3:a:openssl:openssl:4.0.0:-
cpe:2.3:a:openssl:openssl:*:*
1.0.2
1.1.1
3.0.0
3.4.0
3.5.0
3.6.0










1.0.2zq
1.1.1zh
3.0.21
3.4.6
3.5.7
3.6.3
2026-06-16 11:45
2026-06-10
Show GitHub Exploit DB Packet Storm
2 8.1
-
HIGH
Network
Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may… CWE-787
 Out-of-bounds Write
CVE-2026-7383 cpe:2.3:a:openssl:openssl:4.0.0:-
cpe:2.3:a:openssl:openssl:*:*
1.0.2
1.1.1
3.0.0
3.4.0
3.5.0
3.6.0










1.0.2zq
1.1.1zh
3.0.21
3.4.6
3.5.7
3.6.3
2026-06-16 11:46
2026-06-10
Show GitHub Exploit DB Packet Storm
3 8.8
-
HIGH
Network
Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. Impact summary: A use-after-free may result in process crashes… CWE-416
 Use After Free
CVE-2026-45447 cpe:2.3:a:openssl:openssl:4.0.0:-
cpe:2.3:a:openssl:openssl:*:*
1.0.2
1.1.1
3.0.0
3.4.0
3.5.0
3.6.0










1.0.2zq
1.1.1zh
3.0.21
3.4.6
3.5.7
3.6.3
2026-06-16 11:56
2026-06-10
Show GitHub Exploit DB Packet Storm
4 4.8
-
MEDIUM
Network
Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authenticated Data) with an empty ciphertext allowing a forgery of … CWE-325
 Missing Required Cryptographic Step
CVE-2026-45446 cpe:2.3:a:openssl:openssl:4.0.0:-
cpe:2.3:a:openssl:openssl:*:*
3.0.0
3.4.0
3.5.0
3.6.0






3.0.21
3.4.6
3.5.7
3.6.3
2026-06-16 11:57
2026-06-10
Show GitHub Exploit DB Packet Storm
5 7.5
-
HIGH
Network
Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied initialisation vector (IV) is silently discarded. Impact sum… CWE-325
 Missing Required Cryptographic Step
CVE-2026-45445 cpe:2.3:a:openssl:openssl:4.0.0:-
cpe:2.3:a:openssl:openssl:*:*
3.0.0
3.4.0
3.5.0
3.6.0






3.0.21
3.4.6
3.5.7
3.6.3
2026-06-16 11:57
2026-06-10
Show GitHub Exploit DB Packet Storm
6 6.2
-
MEDIUM
Local
Issue summary: When the X509_VERIFY_PARAM_set1_email is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Imp… CWE-125
Out-of-bounds Read
CVE-2026-42771 cpe:2.3:a:openssl:openssl:4.0.0:- 2026-06-16 11:57
2026-06-10
Show GitHub Exploit DB Packet Storm
7 3.7
-
LOW
Network
Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which present… CWE-325
 Missing Required Cryptographic Step
CVE-2026-42770 cpe:2.3:a:openssl:openssl:4.0.0:-
cpe:2.3:a:openssl:openssl:*:*
3.0.0
3.4.0
3.5.0
3.6.0






3.0.21
3.4.6
3.5.7
3.6.3
2026-06-16 11:58
2026-06-10
Show GitHub Exploit DB Packet Storm
8 5.3
-
MEDIUM
Network
Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CMP) message response rendered the certificate validation inef… CWE-295
Improper Certificate Validation 
CVE-2026-42769 cpe:2.3:a:openssl:openssl:4.0.0:-
cpe:2.3:a:openssl:openssl:*:*
3.4.0
3.5.0
3.6.0




3.4.6
3.5.7
3.6.3
2026-06-16 03:26
2026-06-10
Show GitHub Exploit DB Packet Storm
9 3.7
-
LOW
Network
Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/… CWE-514
 Covert Channel
CVE-2026-42768 cpe:2.3:a:openssl:openssl:4.0.0:-
cpe:2.3:a:openssl:openssl:*:*
3.4.0
3.5.0
3.6.0




3.4.6
3.5.7
3.6.3
2026-06-16 11:58
2026-06-10
Show GitHub Exploit DB Packet Storm
10 5.9
-
MEDIUM
Network
Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference ca… CWE-476
 NULL Pointer Dereference
CVE-2026-42767 cpe:2.3:a:openssl:openssl:4.0.0:-
cpe:2.3:a:openssl:openssl:*:*
3.0.0
3.4.0
3.5.0
3.6.0






3.0.21
3.4.6
3.5.7
3.6.3
2026-06-16 11:58
2026-06-10
Show GitHub Exploit DB Packet Storm