- How many CVEs does OpenSSL have?
- OpenSSL has 308 published CVE records since 2000, including 45 in the last two years.
- How many OpenSSL CVEs are in CISA KEV?
- Yes — 1 of OpenSSL's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which OpenSSL products have the most CVEs?
- The OpenSSL products with the most published CVEs are openssl, OpenSSL 3.0.0-3.0.7, OpenSSL 1.1.1-1.1.1s, OpenSSL 3.4, OpenSSL 3.5.
- What are the most common weakness types in OpenSSL CVEs?
- OpenSSL's CVEs most often map to these CWE weakness types: CWE-476 (NULL Pointer Dereference), CWE-125 (Out-of-bounds Read), CWE-787 (Out-of-bounds Write), CWE-295 (Improper Certificate Validation).
- Are there public exploits for OpenSSL vulnerabilities?
- Yes — 45 of OpenSSL's CVEs have a known public exploit.
- How many critical OpenSSL vulnerabilities are there?
- OpenSSL has 24 critical and 91 high-severity CVEs.
- What is the average severity of OpenSSL CVEs?
- The average CVSS base score across OpenSSL's scored CVEs is 6.2.