Skip to content

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Company

About us
Blog
Learn
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Home
Vendors
Opensc Project

opensc project Vulnerabilities: CVEs, CISA KEV & Security Advisories

49 CVEs

opensc project Vulnerabilities

CVE security advisories and vulnerability history for opensc project.

49

Total CVEs

Published

0

In CISA KEV

Exploited in the wild

2

Public exploits

With known exploit

4.5

Avg CVSS

2018–2026

Overview

opensc project has 49 published CVE records since 2018, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 2 have a known public exploit. The average CVSS base score across scored CVEs is 4.5.

This page aggregates every publicly disclosed vulnerability (CVE) affecting opensc project products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of opensc project's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical0

High1

Medium6

Low11

31 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

0

None of opensc project's CVEs are currently listed in CISA's KEV catalog.

Public exploits

2

2 of opensc project's CVEs have a known public exploit available.

Most affected products

The opensc project products with the most published CVEs.

opensc48 CVEs
enterprise linux17 CVEs
fedora13 CVEs
Red Hat Enterprise Linux 712 CVEs
Red Hat Enterprise Linux 912 CVEs
Red Hat Enterprise Linux 812 CVEs
libopensc7 CVEs
Red Hat Enterprise Linux 107 CVEs

Common weakness types

The CWE weakness categories most often found in opensc project CVEs. Follow any weakness for its full explanation.

CWE-457Use of Uninitialized Variable4 CVEs
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 CVEs
CWE-125Out-of-bounds Read2 CVEs
CWE-121Stack-based Buffer Overflow2 CVEs
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')2 CVEs
CWE-416Use After Free2 CVEs
CWE-393Return of Wrong Status Code1 CVE
CWE-672Operation on a Resource after Expiration or Release1 CVE

CNAs that assign these CVEs

The CVE Numbering Authorities that publish opensc project CVE records.

mitre26 CVEs
redhat19 CVEs
GitHub_M4 CVEs

Disclosure activity by year

How many opensc project CVEs were published each year.

2018

13

2019

7

2020

5

2022

5

2023

5

2024

9

2026

5

Latest opensc project CVEs

The most recently disclosed vulnerabilities affecting opensc project.

OpenSC: Stack-buffer-overflow WRITE in card-oberthur
CWE-121
Low · CVSS 3.8
EPSS 0.0%2026-03-30
OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers
CWE-126
Low · CVSS 3.9
EPSS 0.0%2026-03-30
OpenSC: Out of Bounds vulnerability
CWE-125
Low · CVSS 3.9
EPSS 0.0%2026-03-30
OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
CWE-121
Low · CVSS 3.8
EPSS 0.0%2026-03-30
Medium vulnerability · 2026-01-16
CWE-393
Medium · CVSS 6.7
EPSS 0.0%2026-01-16
Libopensc: heap buffer overflow in openpgp driver when generating key
CWE-122
Low · CVSS 2.9
EPSS 0.2%2024-09-10
Libopensc: incorrect handling of the length of buffers or files in pkcs15init
CWE-120
Low · CVSS 3.9
EPSS 0.1%2024-09-03
Libopensc: incorrect handling length of buffers or files in libopensc
CWE-120
Medium · CVSS 4.3
EPSS 0.1%2024-09-03
Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init
CWE-457
Low · CVSS 3.9
EPSS 0.1%2024-09-03
Libopensc: uninitialized values after incorrect or missing checking return values of functions in libopensc
CWE-457
Low · CVSS 3.9
EPSS 0.1%2024-09-03
Libopensc: uninitialized values after incorrect check or usage of apdu response values in libopensc
CWE-457
Low · CVSS 3.9
EPSS 0.1%2024-09-03
Libopensc: pkcs15init: usage of uninitialized values in libopensc and pkcs15init
CWE-457
Low · CVSS 3.9
EPSS 0.1%2024-09-03

Track new opensc project CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor opensc project CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

microsoft24,097 CVEs Linux19,131 CVEs google14,281 CVEs apple14,019 CVEs oracle10,440 CVEs debian10,201 CVEs IBM8,265 CVEs Adobe7,222 CVEs

Browse all vendors

Frequently asked questions

Common questions about opensc project vulnerabilities.

How many CVEs does opensc project have?

opensc project has 49 published CVE records since 2018, including 5 in the last two years.

How many opensc project CVEs are in CISA KEV?

None of opensc project's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.

Which opensc project products have the most CVEs?

The opensc project products with the most published CVEs are opensc, enterprise linux, fedora, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 9.

What are the most common weakness types in opensc project CVEs?

opensc project's CVEs most often map to these CWE weakness types: CWE-457 (Use of Uninitialized Variable), CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-125 (Out-of-bounds Read), CWE-121 (Stack-based Buffer Overflow).

Are there public exploits for opensc project vulnerabilities?

Yes — 2 of opensc project's CVEs have a known public exploit.

What is the average severity of opensc project CVEs?

The average CVSS base score across opensc project's scored CVEs is 4.5.

References

The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to
CNA directory: the CNAs that assign these CVEs

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track opensc project vulnerabilities

Monitor new opensc project vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Most affected products
Common weakness types
Assigning CNAs
Disclosure activity
Latest CVEs
Other vendors
FAQ
References