Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Openssh Number Of NVD 113 CRITICAL 5 HIGH 44 MEDIUM 53 LOW 11
URL https://www.openssh.com/
Explanation It is an SSH implementation developed by the OpenBSD project and used on many Unix and Linux systems.
It can also be used on Windows, as the OpenSSH client can be easily installed.
Tag
  • BSD License
  • オープンソース
Add Information URL
No Type Name URL
1 https://anongit.mindrot.org/openssh
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
1 OpenSSH 9 9.9p2 Feb. 18, 2025 April 8, 2022 2 2 5 0
2 OpenSSH 8 8.9 Feb. 23, 2022 April 17, 2019 2 7 6 1
3 OpenSSH 7 OpenSSH 7.9 Oct. 19, 2018 Aug. 11, 2015 2 12 17 1
4 OpenSSH 6 OpenSSH 6.9 July 1, 2015 April 22, 2012 2 14 23 2
5 OpenSSH 5 OpenSSH 5.9 Sept. 6, 2011 April 3, 2008 2 12 22 6
6 OpenSSH 4 OpenSSH 4.9 March 31, 2008 March 9, 2005 2 18 30 9
7 OpenSSH 3 OpenSSH 3.9 Aug. 18, 2004 Nov. 6, 2001 4 28 30 7
8 OpenSSH 8.4 8.4 1 3 5 1
9 OpenSSH 8.3 8.3 1 4 5 1
10 OpenSSH 8.2 8.2 1 5 5 1
11 OpenSSH 8.1 8.1 1 3 5 1
12 OpenSSH 8.0 8.0 1 4 5 1
13 OpenSSH 7.9 7.9 1 4 9 1
14 OpenSSH 7.8 7.8 1 4 10 1
15 OpenSSH 7.7 7.7 1 4 11 1
16 OpenSSH 7.6 7.6 1 3 11 1
17 OpenSSH 7.5 7.5 1 3 12 1
18 OpenSSH 7.4 7.4 1 3 12 1
19 OpenSSH 7.3 7.3 1 8 13 1
20 OpenSSH 7.2 7.2p2 March 10, 2016 1 10 15 1
21 OpenSSH 7.1 7.1p2 Jan. 14, 2016 2 11 17 1
22 OpenSSH 7.0 7.0 2 11 17 1
23 OpenSSH 6.9 6.9 2 13 18 2
24 OpenSSH 6.8 6.8 2 13 19 2
25 OpenSSH 6.7 6.7 2 11 17 2
26 OpenSSH 6.6 6.6 2 11 18 2
27 OpenSSH 6.5 6.5 2 11 19 2
28 OpenSSH 6.4 6.4 2 12 19 2
29 OpenSSH 6.3 6.3 2 12 20 2
30 OpenSSH 6.2 6.2p2 May 16, 2013 2 12 20 2
31 OpenSSH 6.1 6.1 2 11 20 2
32 OpenSSH 6.0 6.0 2 11 20 2
33 OpenSSH 5.9 5.9 2 11 20 2
34 OpenSSH 5.8p2 5.8p2 2 10 19 2
35 OpenSSH 5.8 5.8p2 May 3, 2011 2 11 20 4
36 OpenSSH 5.7 5.7 2 11 21 4
37 OpenSSH 5.6 5.6 2 12 20 5
38 OpenSSH 5.5 5.5 2 12 19 5
39 OpenSSH 5.4 5.4 2 12 19 5
40 OpenSSH 5.3 5.3 2 11 19 5
41 OpenSSH 5.2 5.2 2 11 19 5
42 OpenSSH 5.1 5.1 2 11 19 5
43 OpenSSH 5.0 5.0 2 11 19 6
44 OpenSSH 4.9 4.9 2 11 19 6
45 OpenSSH 4.8 4.8 2 11 21 6
46 OpenSSH 4.7p1 4.7p1 2 11 18 7
47 OpenSSH 4.7 4.7 2 11 20 7
48 OpenSSH 4.6 4.6 2 12 21 6
49 OpenSSH 4.5 4.5 2 14 22 7
50 OpenSSH 4.4p1 4.4p1 2 12 21 6
51 OpenSSH 4.4 4.4 2 15 21 6
52 OpenSSH 4.3p2 4.3p2 2 12 22 6
53 OpenSSH 4.3p1 4.3p1 2 13 21 6
54 OpenSSH 4.3 4.3p2 Feb. 11, 2006 2 16 24 6
55 OpenSSH 4.2p1 4.2p1 2 13 22 6
56 OpenSSH 4.2 4.2 2 16 22 6
57 OpenSSH 4.1p1 4.1p1 2 13 23 6
58 OpenSSH 4.1 4.1 2 16 23 7
59 OpenSSH 4.0p1 4.0p1 2 13 23 6
60 OpenSSH 4.0 4.0 2 16 25 6
61 OpenSSH 3.9 3.9.1p1 2 16 24 7
62 OpenSSH 3.8 3.8.1p1 2 16 25 7
63 OpenSSH 3.7 3.7.1p2 2 21 25 7
64 OpenSSH 3.6 3.6.1p2 2 21 26 7
65 OpenSSH 3.5p1 3.5p1 2 17 24 7
66 OpenSSH 3.5 3.5 2 20 26 7
67 OpenSSH 3.4p1 3.4p1 2 17 24 7
68 OpenSSH 3.4 3.4 2 20 26 7
69 OpenSSH 3.3p1 3.3p1 2 18 24 7
70 OpenSSH 3.3 3.3 3 21 26 7
71 OpenSSH 3.2 3.2.3p1 3 23 26 7
72 OpenSSH 3.1p1 3.1p1 2 18 24 7
73 OpenSSH 3.1 3.1 3 22 26 7
74 OpenSSH 3.0p1 3.0p1 2 19 24 7
75 OpenSSH 3.0 3.0.2p1 4 24 27 7
76 OpenSSH 2.9p2 2.9p2 4 23 23 6
77 OpenSSH 2.9p1 2.9p1 4 23 23 6
78 OpenSSH 2.9 2.9p2 June 17, 2001 3 27 24 6
79 OpenSSH 2.5 2.5.2p2 March 22, 2001 3 27 24 6
80 OpenSSH 2.3 2.3.0p1 Nov. 6, 2000 3 27 25 6
81 OpenSSH 2.2 2.2.0p1 Sept. 1, 2000 3 29 24 6
82 OpenSSH 2.1 2.1.1p4 July 16, 2000 3 29 25 6
83 OpenSSH 2 OpenSSH 2.9.9 Sept. 25, 2001 4 30 26 6
84 OpenSSH 1.5 1.5.8 2 23 22 6
85 OpenSSH 1.3 1.3 2 23 22 6
86 OpenSSH 1.2 1.2.3p1 March 24, 2000 2 27 28 7
87 OpenSSH 1 OpenSSH 1.2.3p1 March 24, 2000 2 27 28 7
88 OpenSSH - - 2 22 24 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
1 8.1
- 		HIGH
Network 		OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma char… CWE-670
 Always-Incorrect Control Flow Implementation 		CVE-2026-35414 cpe:2.3:a:openbsd:openssh:*:* 10.3 2026-04-11 04:36
2026-04-3 		Show GitHub Exploit DB Packet Storm
2 6.8
- 		MEDIUM
Network 		A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occur… - CVE-2025-26465 cpe:2.3:a:openbsd:openssh:9.9:p1
cpe:2.3:a:openbsd:openssh:9.9:-
cpe:2.3:a:openbsd:openssh:6.8:p1
cpe:2.3:a:op… 		6.9 9.8 2025-03-6 03:54
2025-02-19 		Show GitHub Exploit DB Packet Storm
3 8.1
- 		HIGH
Network 		A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote a… CWE-362
Race Condition 		CVE-2024-6387 cpe:2.3:a:openbsd:openssh:8.5:p1
cpe:2.3:a:openbsd:openssh:4.4:-
cpe:2.3:a:openbsd:openssh:*:* 		8.6

9.8
4.4 		2024-11-21 18:49
2024-07-1 		Show GitHub Exploit DB Packet Storm
4 6.5
- 		MEDIUM
Network 		In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For examp… CWE-78
OS Command  		CVE-2023-51385 cpe:2.3:a:openbsd:openssh:*:* 9.6 2024-11-21 17:37
2023-12-19 		Show GitHub Exploit DB Packet Storm
5 5.5
- 		MEDIUM
Local 		In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these const… NVD-CWE-noinfo
CVE-2023-51384 cpe:2.3:a:openbsd:openssh:*:* 8.9 9.6 2024-11-21 17:37
2023-12-19 		Show GitHub Exploit DB Packet Storm
6 5.9
- 		MEDIUM
Network 		The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from… CWE-354
 Improper Validation of Integrity Check Value 		CVE-2023-48795 cpe:2.3:a:openbsd:openssh:*:* 9.6 2024-11-21 17:32
2023-12-19 		Show GitHub Exploit DB Packet Storm
7 9.8
- 		CRITICAL
Network 		The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Co… CWE-428
 Unquoted Search Path or Element 		CVE-2023-38408 cpe:2.3:a:openbsd:openssh:9.3:p1
cpe:2.3:a:openbsd:openssh:9.3:-
cpe:2.3:a:openbsd:openssh:*:* 		9.3 2024-11-21 17:13
2023-07-20 		Show GitHub Exploit DB Packet Storm
8 9.8
- 		CRITICAL
Network 		ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. NVD-CWE-noinfo
CVE-2023-28531 cpe:2.3:a:openbsd:openssh:*:* 8.9 9.3 2024-11-21 16:55
2023-03-17 		Show GitHub Exploit DB Packet Storm
9 6.5
- 		MEDIUM
Network 		OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote a… CWE-415
 Double Free 		CVE-2023-25136 cpe:2.3:a:openbsd:openssh:9.1:* 2024-11-21 16:49
2023-02-3 		Show GitHub Exploit DB Packet Storm
10 3.7
2.6 		LOW
Network 		An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to… CWE-287
Improper Authentication 		CVE-2021-36368 cpe:2.3:a:openbsd:openssh:*:* 8.9 2024-11-21 15:13
2022-03-13 		Show GitHub Exploit DB Packet Storm