346 CVEs

1 in CISA KEV

openbsd Vulnerabilities

CVE security advisories and vulnerability history for openbsd.

346

Total CVEs

Published

1

In CISA KEV

Exploited in the wild

90

Public exploits

With known exploit

6.5

Avg CVSS

1999–2026

Overview

openbsd has 346 published CVE records since 1999, of which 1 are in CISA's Known Exploited Vulnerabilities catalog and 90 have a known public exploit. The average CVSS base score across scored CVEs is 6.5.

This page aggregates every publicly disclosed vulnerability (CVE) affecting openbsd products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of openbsd's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical8

High26

Medium29

Low9

274 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

1

One of openbsd's CVEs is confirmed exploited in the wild.

Public exploits

90

90 of openbsd's CVEs have a known public exploit available.

Most affected products

The openbsd products with the most published CVEs.

openbsd206 CVEs
openssh125 CVEs
freebsd67 CVEs
netbsd50 CVEs
openssh-portable28 CVEs
debian linux23 CVEs
linux22 CVEs
mac os x18 CVEs

Common weakness types

The CWE weakness categories most often found in openbsd CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish openbsd CVE records.

Disclosure activity by year

How many openbsd CVEs were published each year.

2019

15

2020

10

2021

8

2022

3

2023

14

2024

13

2025

6

2026

6

Latest openbsd CVEs

The most recently disclosed vulnerabilities affecting openbsd.

Medium vulnerability · 2026-04-20
CWE-1284
Medium · CVSS 4.3
EPSS 0.0%2026-04-20
Medium vulnerability · 2026-04-02
CWE-670
Medium · CVSS 4.2
EPSS 0.0%2026-04-02
Low vulnerability · 2026-04-02
CWE-420
Low · CVSS 2.5
EPSS 0.0%2026-04-02
Low vulnerability · 2026-04-02
CWE-670
Low · CVSS 3.1
EPSS 0.1%2026-04-02
Low vulnerability · 2026-04-02
CWE-696
Low · CVSS 3.6
EPSS 0.0%2026-04-02
High vulnerability · 2026-04-02
CWE-281
High · CVSS 7.5
EPSS 0.1%2026-04-02
Low vulnerability · 2025-10-06
CWE-159
Low · CVSS 3.6
EPSS 0.0%2025-10-06
Low vulnerability · 2025-10-06
CWE-158
Low · CVSS 3.6
EPSS 0.1%2025-10-06
Medium vulnerability · 2025-04-10
CWE-440
Medium · CVSS 4.3
EPSS 0.2%2025-04-10
OpenBSD wg(4) kernel crash
CWE-131
High · CVSS 7.1
EPSS 0.2%2025-03-20
Openssh: denial-of-service in openssh
CWE-770
Medium · CVSS 5.9
EPSS 62.4%2025-02-28
Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled
CWE-390
Medium · CVSS 6.5
EPSS 64.5%2025-02-18

Track new openbsd CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor openbsd CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

rockwellautomation353 CVEs Synology347 CVEs Liferay341 CVEs sourceware339 CVEs zyxel334 CVEs asus334 CVEs HCL Software332 CVEs cybozu330 CVEs

Browse all vendors

Frequently asked questions

Common questions about openbsd vulnerabilities.

How many CVEs does openbsd have?

openbsd has 346 published CVE records since 1999, including 12 in the last two years.

How many openbsd CVEs are in CISA KEV?

Yes — 1 of openbsd's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which openbsd products have the most CVEs?

The openbsd products with the most published CVEs are openbsd, openssh, freebsd, netbsd, openssh-portable.

What are the most common weakness types in openbsd CVEs?

openbsd's CVEs most often map to these CWE weakness types: CWE-476 (NULL Pointer Dereference), CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-400 (Uncontrolled Resource Consumption), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).

Are there public exploits for openbsd vulnerabilities?

Yes — 90 of openbsd's CVEs have a known public exploit.

How many critical openbsd vulnerabilities are there?

openbsd has 8 critical and 26 high-severity CVEs.

What is the average severity of openbsd CVEs?

The average CVSS base score across openbsd's scored CVEs is 6.5.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track openbsd vulnerabilities

Monitor new openbsd vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing