openssl | Snyk

Direct Vulnerabilities

Known vulnerabilities in the openssl package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L CVE-2026-45445	<3.5.7-r0
L CVE-2026-42766	<3.5.7-r0
L CVE-2026-42767	<3.5.7-r0
L CVE-2026-42768	<3.5.7-r0
L CVE-2026-42770	<3.5.7-r0
L CVE-2026-34182	<3.5.7-r0
L CVE-2026-34180	<3.5.7-r0
L CVE-2026-34183	<3.5.7-r0
L CVE-2026-34181	<3.5.7-r0
L CVE-2026-45446	<3.5.7-r0
L CVE-2026-9076	<3.5.7-r0
L CVE-2026-7383	<3.5.7-r0
L CVE-2026-42764	<3.5.7-r0
L CVE-2026-42769	<3.5.7-r0
L CVE-2026-45447	<3.5.7-r0
L CVE-2024-9143	<3.3.2-r3
H Access of Resource Using Incompatible Type ('Type Confusion')	<3.3.2-r0
H CVE-2026-28387	<3.5.6-r0
L CVE-2026-2673	<3.5.6-r0
H NULL Pointer Dereference	<3.0.8-r0
H NULL Pointer Dereference	<3.0.8-r0
M Out-of-bounds Write	<3.1.4-r3
H Improper Locking	<3.0.7-r2
H Buffer Overflow	<3.0.7-r0
M Improper Check for Unusual or Exceptional Conditions	<3.1.4-r1
L CVE-2026-31790	<3.5.6-r0
L CVE-2025-68160	<3.5.5-r0
L CVE-2025-9231	<3.5.4-r0
L CVE-2024-2511	<3.2.1-r2
M Improper Certificate Validation	<3.1.0-r2
H CVE-2026-28389	<3.5.6-r0
L CVE-2024-4603	<3.3.0-r2
M Information Exposure	<3.0.8-r0
C CVE-2026-31789	<3.5.6-r0
L CVE-2025-11187	<3.5.5-r0
L CVE-2025-9230	<3.5.4-r0
M Out-of-bounds Read	<3.0.8-r0
L CVE-2025-15467	<3.5.5-r0
L CVE-2026-22795	<3.5.5-r0
L CVE-2025-9232	<3.5.4-r0
H Use After Free	<3.0.8-r0
H NULL Pointer Dereference	<3.0.8-r0
H Buffer Overflow	<3.0.7-r0
H CVE-2026-28390	<3.5.6-r0
L CVE-2025-4575	<3.5.1-r0
H Improper Certificate Validation	<3.1.0-r1
H NULL Pointer Dereference	<3.0.6-r0
M CVE-2024-0727	<3.1.4-r5
M Excessive Iteration	<3.1.2-r0
L CVE-2025-69419	<3.5.5-r0
H CVE-2026-28388	<3.5.6-r0
H Improper Certificate Validation	<1.1.1k-r0
M Out-of-bounds Read	<3.1.0-r4
L CVE-2024-13176	<3.3.2-r5
L CVE-2023-6237	<3.1.4-r4
M Use of Insufficiently Random Values	<1.1.1d-r1
M Allocation of Resources Without Limits or Throttling	<3.1.1-r0
L CVE-2024-12797	<3.3.3-r0
H CVE-2023-5363	<3.1.4-r0
L CVE-2025-15469	<3.5.5-r0
M CVE-2019-1547	<1.1.1d-r1
M NULL Pointer Dereference	<1.1.1k-r0
M Improper Certificate Validation	<3.0.3-r0
L Use of a Broken or Risky Cryptographic Algorithm	<1.1.1d-r1
M Inefficient Regular Expression Complexity	<3.1.1-r3
M Use of a Broken or Risky Cryptographic Algorithm	<3.0.3-r0
H Use of a Broken or Risky Cryptographic Algorithm	<1.1.1b-r1
M Improper Authentication	<3.1.1-r2
L CVE-2025-69418	<3.5.5-r0
L CVE-2025-15468	<3.5.5-r0
M Use of a Broken or Risky Cryptographic Algorithm	<1.1.1a-r0
H Loop with Unreachable Exit Condition ('Infinite Loop')	<3.0.1-r0
H Loop with Unreachable Exit Condition ('Infinite Loop')	<3.0.2-r0
M Use of a Broken or Risky Cryptographic Algorithm	<3.0.5-r0
H NULL Pointer Dereference	<1.1.1g-r0
M Use of a Broken or Risky Cryptographic Algorithm	<1.1.1a-r0
H Incomplete Cleanup	<3.0.3-r0
M Information Exposure	<1.1.1d-r3
L CVE-2025-66199	<3.5.5-r0
L CVE-2026-22796	<3.5.5-r0
L CVE-2024-5535	<3.3.1-r1
L CVE-2024-4741	<3.3.0-r3
L CVE-2025-69420	<3.5.5-r0
H CVE-2025-69421	<3.5.5-r0
H Integer Overflow or Wraparound	<1.1.1j-r0
M Integer Overflow or Wraparound	<1.1.1j-r0
H Access of Resource Using Incompatible Type ('Type Confusion')	<3.0.8-r0
H Double Free	<3.0.8-r0
L Inadequate Encryption Strength	<1.1.1j-r0
M NULL Pointer Dereference	<1.1.1i-r0
C Buffer Overflow	<1.1.1l-r0
H Out-of-bounds Read	<1.1.1l-r0

Vulnerability

Vulnerable Version

CVE-2026-45445

<3.5.7-r0