Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Openssh Number Of NVD 124 CRITICAL 6 HIGH 46 MEDIUM 60 LOW 12
URL https://www.openssh.com/
Explanation It is an SSH implementation developed by the OpenBSD project and used on many Unix and Linux systems.
It can also be used on Windows, as the OpenSSH client can be easily installed.
Tag
  • BSD License
  • オープンソース

Add Information URL
No Type Name URL
1 https://anongit.mindrot.org/openssh

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
1 OpenSSH 9 9.9p2 Feb. 18, 2025 April 8, 2022 3 4 10 0
2 OpenSSH 8 8.9 Feb. 23, 2022 April 17, 2019 3 9 11 1
3 OpenSSH 7 OpenSSH 7.9 Oct. 19, 2018 Aug. 11, 2015 3 14 22 1
4 OpenSSH 6 OpenSSH 6.9 July 1, 2015 April 22, 2012 3 16 28 2
5 OpenSSH 5 OpenSSH 5.9 Sept. 6, 2011 April 3, 2008 3 14 27 6
6 OpenSSH 4 OpenSSH 4.9 March 31, 2008 March 9, 2005 3 20 35 9
7 OpenSSH 3 OpenSSH 3.9 Aug. 18, 2004 Nov. 6, 2001 5 30 35 7
8 OpenSSH 8.4 8.4 2 5 10 1
9 OpenSSH 8.3 8.3 2 6 10 1
10 OpenSSH 8.2 8.2 2 7 10 1
11 OpenSSH 8.1 8.1 2 5 10 1
12 OpenSSH 8.0 8.0 2 6 10 1
13 OpenSSH 7.9 7.9 2 6 14 1
14 OpenSSH 7.8 7.8 2 6 15 1
15 OpenSSH 7.7 7.7 2 6 16 1
16 OpenSSH 7.6 7.6 2 5 16 1
17 OpenSSH 7.5 7.5 2 5 17 1
18 OpenSSH 7.4 7.4 2 5 17 1
19 OpenSSH 7.3 7.3 2 10 18 1
20 OpenSSH 7.2 7.2p2 March 10, 2016 2 12 20 1
21 OpenSSH 7.1 7.1p2 Jan. 14, 2016 3 13 22 1
22 OpenSSH 7.0 7.0 3 13 22 1
23 OpenSSH 6.9 6.9 3 15 23 2
24 OpenSSH 6.8 6.8 3 15 24 2
25 OpenSSH 6.7 6.7 3 13 22 2
26 OpenSSH 6.6 6.6 3 13 23 2
27 OpenSSH 6.5 6.5 3 13 24 2
28 OpenSSH 6.4 6.4 3 14 24 2
29 OpenSSH 6.3 6.3 3 14 25 2
30 OpenSSH 6.2 6.2p2 May 16, 2013 3 14 25 2
31 OpenSSH 6.1 6.1 3 13 25 2
32 OpenSSH 6.0 6.0 3 13 25 2
33 OpenSSH 5.9 5.9 3 13 25 2
34 OpenSSH 5.8p2 5.8p2 3 12 24 2
35 OpenSSH 5.8 5.8p2 May 3, 2011 3 13 25 4
36 OpenSSH 5.7 5.7 3 13 26 4
37 OpenSSH 5.6 5.6 3 14 25 5
38 OpenSSH 5.5 5.5 3 14 24 5
39 OpenSSH 5.4 5.4 3 14 24 5
40 OpenSSH 5.3 5.3 3 13 24 5
41 OpenSSH 5.2 5.2 3 13 24 5
42 OpenSSH 5.1 5.1 3 13 24 5
43 OpenSSH 5.0 5.0 3 13 24 6
44 OpenSSH 4.9 4.9 3 13 24 6
45 OpenSSH 4.8 4.8 3 13 26 6
46 OpenSSH 4.7p1 4.7p1 3 13 23 7
47 OpenSSH 4.7 4.7 3 13 25 7
48 OpenSSH 4.6 4.6 3 14 26 6
49 OpenSSH 4.5 4.5 3 16 27 7
50 OpenSSH 4.4p1 4.4p1 3 14 26 6
51 OpenSSH 4.4 4.4 3 17 26 6
52 OpenSSH 4.3p2 4.3p2 3 14 27 6
53 OpenSSH 4.3p1 4.3p1 3 15 26 6
54 OpenSSH 4.3 4.3p2 Feb. 11, 2006 3 18 29 6
55 OpenSSH 4.2p1 4.2p1 3 15 27 6
56 OpenSSH 4.2 4.2 3 18 27 6
57 OpenSSH 4.1p1 4.1p1 3 15 28 6
58 OpenSSH 4.1 4.1 3 18 28 7
59 OpenSSH 4.0p1 4.0p1 3 15 28 6
60 OpenSSH 4.0 4.0 3 18 30 6
61 OpenSSH 3.9 3.9.1p1 3 18 29 7
62 OpenSSH 3.8 3.8.1p1 3 18 30 7
63 OpenSSH 3.7 3.7.1p2 3 23 30 7
64 OpenSSH 3.6 3.6.1p2 3 23 31 7
65 OpenSSH 3.5p1 3.5p1 3 19 29 7
66 OpenSSH 3.5 3.5 3 22 31 7
67 OpenSSH 3.4p1 3.4p1 3 19 29 7
68 OpenSSH 3.4 3.4 3 22 31 7
69 OpenSSH 3.3p1 3.3p1 3 20 29 7
70 OpenSSH 3.3 3.3 4 23 31 7
71 OpenSSH 3.2 3.2.3p1 4 25 31 7
72 OpenSSH 3.1p1 3.1p1 3 20 29 7
73 OpenSSH 3.1 3.1 4 24 31 7
74 OpenSSH 3.0p1 3.0p1 3 21 29 7
75 OpenSSH 3.0 3.0.2p1 5 26 32 7
76 OpenSSH 2.9p2 2.9p2 5 25 28 6
77 OpenSSH 2.9p1 2.9p1 5 25 28 6
78 OpenSSH 2.9 2.9p2 June 17, 2001 4 29 29 6
79 OpenSSH 2.5 2.5.2p2 March 22, 2001 4 29 29 6
80 OpenSSH 2.3 2.3.0p1 Nov. 6, 2000 4 29 30 6
81 OpenSSH 2.2 2.2.0p1 Sept. 1, 2000 4 31 29 6
82 OpenSSH 2.1 2.1.1p4 July 16, 2000 4 31 30 6
83 OpenSSH 2 OpenSSH 2.9.9 Sept. 25, 2001 5 32 31 6
84 OpenSSH 1.5 1.5.8 3 25 27 6
85 OpenSSH 1.3 1.3 3 25 27 6
86 OpenSSH 1.2 1.2.3p1 March 24, 2000 3 29 33 7
87 OpenSSH 1 OpenSSH 1.2.3p1 March 24, 2000 3 29 33 7
88 OpenSSH - - 3 24 31 7
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
1 9.4
-
CRITICAL
Network
ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.) CWE-416
 Use After Free
CVE-2026-60002 cpe:2.3:a:openbsd:openssh:*:* 10.4 2026-07-10 01:36
2026-07-8
Show GitHub Exploit DB Packet Storm
2 6.5
-
MEDIUM
Network
sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay. CWE-770
 Allocation of Resources Without Limits or Throttling
CVE-2026-60001 cpe:2.3:a:openbsd:openssh:*:* 10.4 2026-07-10 01:37
2026-07-8
Show GitHub Exploit DB Packet Storm
3 7.5
-
HIGH
Network
sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource consumption from excessive authentication attempts) because MaxAuthTries was mishandled for GSSAPIAuthentica… CWE-770
 Allocation of Resources Without Limits or Throttling
CVE-2026-60000 cpe:2.3:a:openbsd:openssh:*:* 10.4 2026-07-10 01:51
2026-07-8
Show GitHub Exploit DB Packet Storm
4 7.5
-
HIGH
Network
In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not. CWE-348
 Use of Less Trusted Source
CVE-2026-59999 cpe:2.3:a:openbsd:openssh:*:* 10.4 2026-07-10 01:52
2026-07-8
Show GitHub Exploit DB Packet Storm
5 6.5
-
MEDIUM
Network
sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory. CWE-573
 Improper Following of Specification by Caller
CVE-2026-59998 cpe:2.3:a:openbsd:openssh:*:* 10.4 2026-07-10 01:55
2026-07-8
Show GitHub Exploit DB Packet Storm
6 5.4
-
MEDIUM
Network
internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended secur… CWE-1284
 Improper Validation of Specified Quantity in Input
CVE-2026-59997 cpe:2.3:a:openbsd:openssh:*:* 10.4 2026-07-10 02:11
2026-07-8
Show GitHub Exploit DB Packet Storm
7 5.4
-
MEDIUM
Network
scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations. CWE-23
 Relative Path Traversal
CVE-2026-59996 cpe:2.3:a:openbsd:openssh:*:* 10.4 2026-07-10 02:14
2026-07-8
Show GitHub Exploit DB Packet Storm
8 5.4
-
MEDIUM
Network
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server. CWE-23
 Relative Path Traversal
CVE-2026-59995 cpe:2.3:a:openbsd:openssh:*:* 10.4 2026-07-10 02:14
2026-07-8
Show GitHub Exploit DB Packet Storm
9 6.1
-
MEDIUM
Local
A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket na… CWE-923
 Improper Restriction of Communication Channel to Intended Endpoints
CVE-2026-55655 cpe:2.3:a:openbsd:openssh:-:* 2026-06-26 03:16
2026-06-23
Show GitHub Exploit DB Packet Storm
10 3.7
-
LOW
Network
A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service Application Programming Interface) indicators when a trailing… CWE-125
Out-of-bounds Read
CVE-2026-55654 cpe:2.3:a:openbsd:openssh:-:* 2026-06-26 01:59
2026-06-23
Show GitHub Exploit DB Packet Storm