Skip to content

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Company

About us
Blog
Learn
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Home
Vendors
Opensc

opensc Vulnerabilities: CVEs, CISA KEV & Security Advisories

54 CVEs

opensc Vulnerabilities

CVE security advisories and vulnerability history for opensc.

54

Total CVEs

Published

0

In CISA KEV

Exploited in the wild

5

Public exploits

With known exploit

4.8

Avg CVSS

2018–2026

Overview

opensc has 54 published CVE records since 2018, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 5 have a known public exploit. The average CVSS base score across scored CVEs is 4.8.

This page aggregates every publicly disclosed vulnerability (CVE) affecting opensc products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of opensc's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical1

High1

Medium9

Low12

31 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

0

None of opensc's CVEs are currently listed in CISA's KEV catalog.

Public exploits

5

5 of opensc's CVEs have a known public exploit available.

Most affected products

The opensc products with the most published CVEs.

opensc51 CVEs
enterprise linux16 CVEs
fedora13 CVEs
Red Hat Enterprise Linux 712 CVEs
Red Hat Enterprise Linux 812 CVEs
Red Hat Enterprise Linux 912 CVEs
Red Hat Enterprise Linux 107 CVEs
libopensc6 CVEs

Common weakness types

The CWE weakness categories most often found in opensc CVEs. Follow any weakness for its full explanation.

CWE-457Use of Uninitialized Variable5 CVEs
CWE-121Stack-based Buffer Overflow4 CVEs
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 CVEs
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')3 CVEs
CWE-416Use After Free2 CVEs
CWE-287Improper Authentication2 CVEs
CWE-125Out-of-bounds Read2 CVEs
CWE-672Operation on a Resource after Expiration or Release1 CVE

CNAs that assign these CVEs

The CVE Numbering Authorities that publish opensc CVE records.

mitre26 CVEs
redhat19 CVEs
GitHub_M6 CVEs
VulnCheck2 CVEs
VulDB1 CVEs

Disclosure activity by year

How many opensc CVEs were published each year.

2018

13

2019

7

2020

5

2022

5

2023

5

2024

8

2025

2

2026

9

Latest opensc CVEs

The most recently disclosed vulnerabilities affecting opensc.

OpenSC pkcs11-tool Key Generation pkcs11-tool.c test_kpgen_certwrite buffer overflow
CWE-120
Medium · CVSS 5.0
EPSS 0.1%2026-06-01
OpenSC < 0.27.0 Buffer Overrun in do_key_value() via profile.c
CWE-121
Low · CVSS 3.8
EPSS 0.0%2026-05-29
OpenSC < 0.27.0-rc1 Stack Buffer Overflow via piv_process_history() in card-piv.c
CWE-121
Low · CVSS 3.8
EPSS 0.0%2026-05-29
Libopensc: opensc: multiple uses of uninitialized variable
CWE-457
Medium · CVSS 5.7
EPSS 0.0%2026-04-23
OpenSC: Stack-buffer-overflow WRITE in card-oberthur
CWE-121
Low · CVSS 3.8
EPSS 0.0%2026-03-30
OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers
CWE-126
Low · CVSS 3.9
EPSS 0.0%2026-03-30
OpenSC: Out of Bounds vulnerability
CWE-125
Low · CVSS 3.9
EPSS 0.0%2026-03-30
OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
CWE-121
Low · CVSS 3.8
EPSS 0.0%2026-03-30
Medium vulnerability · 2026-01-16
CWE-393
Medium · CVSS 6.7
EPSS 0.0%2026-01-16
PAM-PKCS#11 vulnerable to authentication bypass with default value for `cert_policy` (`none`)
CWE-287
Critical · CVSS 9.2
EPSS 0.7%2025-02-10
PAM-PKCS#11 vulnerable to segmentation fault on ctrl-c/ctrl-d when asked for PIN
CWE-476
Medium · CVSS 5.1
EPSS 0.1%2025-02-10
Libopensc: incorrect handling of the length of buffers or files in pkcs15init
CWE-120
Low · CVSS 3.9
EPSS 0.1%2024-09-03

Track new opensc CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor opensc CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

microsoft24,097 CVEs Linux19,131 CVEs google14,281 CVEs apple14,019 CVEs oracle10,440 CVEs debian10,201 CVEs IBM8,265 CVEs Adobe7,222 CVEs

Browse all vendors

Frequently asked questions

Common questions about opensc vulnerabilities.

How many CVEs does opensc have?

opensc has 54 published CVE records since 2018, including 11 in the last two years.

How many opensc CVEs are in CISA KEV?

None of opensc's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.

Which opensc products have the most CVEs?

The opensc products with the most published CVEs are opensc, enterprise linux, fedora, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8.

What are the most common weakness types in opensc CVEs?

opensc's CVEs most often map to these CWE weakness types: CWE-457 (Use of Uninitialized Variable), CWE-121 (Stack-based Buffer Overflow), CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-120 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')).

Are there public exploits for opensc vulnerabilities?

Yes — 5 of opensc's CVEs have a known public exploit.

How many critical opensc vulnerabilities are there?

opensc has 1 critical and 1 high-severity CVEs.

What is the average severity of opensc CVEs?

The average CVSS base score across opensc's scored CVEs is 4.8.

References

The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to
CNA directory: the CNAs that assign these CVEs

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track opensc vulnerabilities

Monitor new opensc vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Most affected products
Common weakness types
Assigning CNAs
Disclosure activity
Latest CVEs
Other vendors
FAQ
References