Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
openssl Number Of NVD 271 CRITICAL 16 HIGH 87 MEDIUM 152 LOW 16
URL https://www.openssl.org/
Explanation OpenSSLはSSLプロトコル・TLSプロトコルの、オープンソースで開発・提供されるソフトウェアです。

Version3からはApache2.0 Licenseでそれ以前のバージョンは「OpenSSL License」と「SSLeay license」 のダブルライセンスです。
サポート切れになった特定バージョン(1.0.2)は費用がかかりますが、Securityアップデートを受けるプランがあります。

LinuxなどUnix系OSでは標準でインストールされており、OSのアップデートなどで自動的に新しいバージョンに更新される事が殆どです。
古いバージョンのOSではサポートが終了したOpenSSLしか使用できないなど、セキュリティの問題が発生する場合があります。
Tag
  • Original SSLeay License
  • オープンソース
  • 商用ライセンス有り
  • Apache License v2.0
  • OpenSSL License

Add Information URL
No Type Name URL
1 リリースに関する説明とサポート終了バージョンについて https://www.openssl.org/policies/releasestrat.html
2 opensslのGit https://github.com/openssl/openssl
3 脆弱性情報のページ https://www.openssl.org/news/vulnerabilities.html
4 サポート契約 https://www.openssl.org/support/contracts.html

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
21 openssl 1.1.1(LTS) 1.1.1w Sept. 11, 2023 Sept. 11, 2018 Sept. 11, 2023 3 20 25 2
22 openssl 1.1.0 1.1.0j Nov. 20, 2018 Aug. 26, 2016 Aug. 31, 2018 1 12 14 2
23 openssl 1.0.2(LTS) 1.0.2u Dec. 20, 2019 Jan. 23, 2015 Dec. 31, 2019 9 35 64 10
24 openssl 1.0.1 1.0.1t May 3, 2016 March 14, 2012 Dec. 31, 2016 7 25 58 5
25 openssl 1.0.0 1.0.0t Dec. 3, 2015 March 29, 2010 Dec. 31, 2015 1 14 57 5
26 openssl 0.9.8 0.9.8zh Dec. 4, 2015 July 6, 2005 Dec. 31, 2015 1 5 9 3
27 openssl a.00(LTS) a.00.09.07l 0 0 0 0
28 openssl 3 3.6.3 June 9, 2026 4 26 19 1
29 openssl 1.0(LTS) 1.0.2zf 7 29 80 7
30 openssl 0.9(LTS) 0.9.8zh 2 30 76 7
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
21 7.5
-
HIGH
Network
Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-contr… CWE-476
 NULL Pointer Dereference
CVE-2026-28390 cpe:2.3:a:openssl:openssl:*:* 1.0.2
1.1.1
3.0.0
3.3.0
3.4.0
3.5.0
3.6.0












1.0.2zp
1.1.1zg
3.0.20
3.3.7
3.4.5
3.5.6
3.6.2
2026-04-24 00:39
2026-04-8
Show GitHub Exploit DB Packet Storm
22 7.5
-
HIGH
Network
Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlle… CWE-476
 NULL Pointer Dereference
CVE-2026-28389 cpe:2.3:a:openssl:openssl:*:* 1.0.2
1.1.1
3.0.0
3.3.0
3.4.0
3.5.0
3.6.0












1.0.2zp
1.1.1zg
3.0.20
3.3.7
3.4.5
3.5.6
3.6.2
2026-04-24 00:40
2026-04-8
Show GitHub Exploit DB Packet Storm
23 7.5
-
HIGH
Network
Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A … CWE-476
 NULL Pointer Dereference
CVE-2026-28388 cpe:2.3:a:openssl:openssl:*:* 1.0.2
1.1.1
3.0.0
3.3.0
3.4.0
3.5.0
3.6.0












1.0.2zp
1.1.1zg
3.0.20
3.3.7
3.4.5
3.5.6
3.6.2
2026-04-24 00:40
2026-04-8
Show GitHub Exploit DB Packet Storm
24 8.1
-
HIGH
Network
Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-… CWE-416
 Use After Free
CVE-2026-28387 cpe:2.3:a:openssl:openssl:*:* 1.1.1
3.0.0
3.3.0
3.4.0
3.5.0
3.6.0










1.1.1zg
3.0.20
3.3.7
3.4.5
3.5.6
3.6.2
2026-04-24 00:39
2026-04-8
Show GitHub Exploit DB Packet Storm
25 9.1
-
CRITICAL
Network
Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher block… CWE-125
Out-of-bounds Read
CVE-2026-28386 cpe:2.3:a:openssl:openssl:*:* 3.6.0 3.6.2 2026-04-25 03:28
2026-04-8
Show GitHub Exploit DB Packet Storm
26 5.5
-
MEDIUM
Local
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 forma… NVD-CWE-noinfo
CVE-2024-0727 cpe:2.3:a:openssl:openssl:3.2.0:-
cpe:2.3:a:openssl:openssl:*:*
1.0.2
1.1.1
3.0.0
3.1.0






1.0.2zj
1.1.1x
3.0.13
3.1.5
2024-11-21 17:47
2024-01-26
Show GitHub Exploit DB Packet Storm
27 6.5
-
MEDIUM
Network
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU pro… CWE-787
 Out-of-bounds Write
CVE-2023-6129 cpe:2.3:a:openssl:openssl:3.2.0:*
cpe:2.3:a:openssl:openssl:*:*
3.1.0
3.0.0
3.1.4
3.0.12


2024-11-21 17:43
2024-01-10
Show GitHub Exploit DB Packet Storm
28 5.3
-
MEDIUM
Network
Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_ke… CWE-754
 Improper Check for Unusual or Exceptional Conditions
CVE-2023-5678 cpe:2.3:a:openssl:openssl:*:* 1.0.2
1.1.1
3.0.0
3.1.0






1.0.2zj
1.1.1x
3.0.13
3.1.5
2024-11-21 17:42
2023-11-7
Show GitHub Exploit DB Packet Storm
29 7.5
-
HIGH
Network
Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetri… NVD-CWE-noinfo
CVE-2023-5363 cpe:2.3:a:openssl:openssl:*:* 3.0.0
3.1.0


3.0.12
3.1.4
2024-11-21 17:41
2023-10-26
Show GitHub Exploit DB Packet Storm
30 7.8
-
HIGH
Local
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_… NVD-CWE-noinfo
CVE-2023-4807 cpe:2.3:a:openssl:openssl:*:* 3.1.0
3.0.0
1.1.1




3.1.3
3.0.11
1.1.1w
2024-11-21 17:36
2023-09-8
Show GitHub Exploit DB Packet Storm