Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Openssh Number Of NVD 116 CRITICAL 5 HIGH 44 MEDIUM 55 LOW 12
URL https://www.openssh.com/
Explanation It is an SSH implementation developed by the OpenBSD project and used on many Unix and Linux systems.
It can also be used on Windows, as the OpenSSH client can be easily installed.
Tag
  • BSD License
  • オープンソース
Add Information URL
No Type Name URL
1 https://anongit.mindrot.org/openssh
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
1 OpenSSH 9 9.9p2 Feb. 18, 2025 April 8, 2022 2 2 5 0
2 OpenSSH 8 8.9 Feb. 23, 2022 April 17, 2019 2 7 6 1
3 OpenSSH 7 OpenSSH 7.9 Oct. 19, 2018 Aug. 11, 2015 2 12 17 1
4 OpenSSH 6 OpenSSH 6.9 July 1, 2015 April 22, 2012 2 14 23 2
5 OpenSSH 5 OpenSSH 5.9 Sept. 6, 2011 April 3, 2008 2 12 22 6
6 OpenSSH 4 OpenSSH 4.9 March 31, 2008 March 9, 2005 2 18 30 9
7 OpenSSH 3 OpenSSH 3.9 Aug. 18, 2004 Nov. 6, 2001 4 28 30 7
8 OpenSSH 8.4 8.4 1 3 5 1
9 OpenSSH 8.3 8.3 1 4 5 1
10 OpenSSH 8.2 8.2 1 5 5 1
11 OpenSSH 8.1 8.1 1 3 5 1
12 OpenSSH 8.0 8.0 1 4 5 1
13 OpenSSH 7.9 7.9 1 4 9 1
14 OpenSSH 7.8 7.8 1 4 10 1
15 OpenSSH 7.7 7.7 1 4 11 1
16 OpenSSH 7.6 7.6 1 3 11 1
17 OpenSSH 7.5 7.5 1 3 12 1
18 OpenSSH 7.4 7.4 1 3 12 1
19 OpenSSH 7.3 7.3 1 8 13 1
20 OpenSSH 7.2 7.2p2 March 10, 2016 1 10 15 1
21 OpenSSH 7.1 7.1p2 Jan. 14, 2016 2 11 17 1
22 OpenSSH 7.0 7.0 2 11 17 1
23 OpenSSH 6.9 6.9 2 13 18 2
24 OpenSSH 6.8 6.8 2 13 19 2
25 OpenSSH 6.7 6.7 2 11 17 2
26 OpenSSH 6.6 6.6 2 11 18 2
27 OpenSSH 6.5 6.5 2 11 19 2
28 OpenSSH 6.4 6.4 2 12 19 2
29 OpenSSH 6.3 6.3 2 12 20 2
30 OpenSSH 6.2 6.2p2 May 16, 2013 2 12 20 2
31 OpenSSH 6.1 6.1 2 11 20 2
32 OpenSSH 6.0 6.0 2 11 20 2
33 OpenSSH 5.9 5.9 2 11 20 2
34 OpenSSH 5.8p2 5.8p2 2 10 19 2
35 OpenSSH 5.8 5.8p2 May 3, 2011 2 11 20 4
36 OpenSSH 5.7 5.7 2 11 21 4
37 OpenSSH 5.6 5.6 2 12 20 5
38 OpenSSH 5.5 5.5 2 12 19 5
39 OpenSSH 5.4 5.4 2 12 19 5
40 OpenSSH 5.3 5.3 2 11 19 5
41 OpenSSH 5.2 5.2 2 11 19 5
42 OpenSSH 5.1 5.1 2 11 19 5
43 OpenSSH 5.0 5.0 2 11 19 6
44 OpenSSH 4.9 4.9 2 11 19 6
45 OpenSSH 4.8 4.8 2 11 21 6
46 OpenSSH 4.7p1 4.7p1 2 11 18 7
47 OpenSSH 4.7 4.7 2 11 20 7
48 OpenSSH 4.6 4.6 2 12 21 6
49 OpenSSH 4.5 4.5 2 14 22 7
50 OpenSSH 4.4p1 4.4p1 2 12 21 6
51 OpenSSH 4.4 4.4 2 15 21 6
52 OpenSSH 4.3p2 4.3p2 2 12 22 6
53 OpenSSH 4.3p1 4.3p1 2 13 21 6
54 OpenSSH 4.3 4.3p2 Feb. 11, 2006 2 16 24 6
55 OpenSSH 4.2p1 4.2p1 2 13 22 6
56 OpenSSH 4.2 4.2 2 16 22 6
57 OpenSSH 4.1p1 4.1p1 2 13 23 6
58 OpenSSH 4.1 4.1 2 16 23 7
59 OpenSSH 4.0p1 4.0p1 2 13 23 6
60 OpenSSH 4.0 4.0 2 16 25 6
61 OpenSSH 3.9 3.9.1p1 2 16 24 7
62 OpenSSH 3.8 3.8.1p1 2 16 25 7
63 OpenSSH 3.7 3.7.1p2 2 21 25 7
64 OpenSSH 3.6 3.6.1p2 2 21 26 7
65 OpenSSH 3.5p1 3.5p1 2 17 24 7
66 OpenSSH 3.5 3.5 2 20 26 7
67 OpenSSH 3.4p1 3.4p1 2 17 24 7
68 OpenSSH 3.4 3.4 2 20 26 7
69 OpenSSH 3.3p1 3.3p1 2 18 24 7
70 OpenSSH 3.3 3.3 3 21 26 7
71 OpenSSH 3.2 3.2.3p1 3 23 26 7
72 OpenSSH 3.1p1 3.1p1 2 18 24 7
73 OpenSSH 3.1 3.1 3 22 26 7
74 OpenSSH 3.0p1 3.0p1 2 19 24 7
75 OpenSSH 3.0 3.0.2p1 4 24 27 7
76 OpenSSH 2.9p2 2.9p2 4 23 23 6
77 OpenSSH 2.9p1 2.9p1 4 23 23 6
78 OpenSSH 2.9 2.9p2 June 17, 2001 3 27 24 6
79 OpenSSH 2.5 2.5.2p2 March 22, 2001 3 27 24 6
80 OpenSSH 2.3 2.3.0p1 Nov. 6, 2000 3 27 25 6
81 OpenSSH 2.2 2.2.0p1 Sept. 1, 2000 3 29 24 6
82 OpenSSH 2.1 2.1.1p4 July 16, 2000 3 29 25 6
83 OpenSSH 2 OpenSSH 2.9.9 Sept. 25, 2001 4 30 26 6
84 OpenSSH 1.5 1.5.8 2 23 22 6
85 OpenSSH 1.3 1.3 2 23 22 6
86 OpenSSH 1.2 1.2.3p1 March 24, 2000 2 27 28 7
87 OpenSSH 1 OpenSSH 1.2.3p1 March 24, 2000 2 27 28 7
88 OpenSSH - - 2 22 26 7
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
1 6.1
- 		MEDIUM
Local 		A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket na… CWE-923
 Improper Restriction of Communication Channel to Intended Endpoints 		CVE-2026-55655 cpe:2.3:a:openbsd:openssh:-:* 2026-06-26 03:16
2026-06-23 		Show GitHub Exploit DB Packet Storm
2 3.7
- 		LOW
Network 		A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service Application Programming Interface) indicators when a trailing… CWE-125
Out-of-bounds Read 		CVE-2026-55654 cpe:2.3:a:openbsd:openssh:-:* 2026-06-26 01:59
2026-06-23 		Show GitHub Exploit DB Packet Storm
3 6.5
- 		MEDIUM
Network 		A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Pro… CWE-415
 Double Free 		CVE-2026-55653 cpe:2.3:a:openbsd:openssh:-:* 2026-06-26 01:57
2026-06-23 		Show GitHub Exploit DB Packet Storm
4 8.1
- 		HIGH
Network 		OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma char… CWE-670
 Always-Incorrect Control Flow Implementation 		CVE-2026-35414 cpe:2.3:a:openbsd:openssh:*:* 10.3 2026-04-11 04:36
2026-04-3 		Show GitHub Exploit DB Packet Storm
5 6.8
- 		MEDIUM
Network 		A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occur… - CVE-2025-26465 cpe:2.3:a:openbsd:openssh:9.9:p1
cpe:2.3:a:openbsd:openssh:9.9:-
cpe:2.3:a:openbsd:openssh:6.8:p1
cpe:2.3:a:op… 		6.9 9.8 2025-03-6 03:54
2025-02-19 		Show GitHub Exploit DB Packet Storm
6 8.1
- 		HIGH
Network 		A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote a… CWE-362
Race Condition 		CVE-2024-6387 cpe:2.3:a:openbsd:openssh:8.5:p1
cpe:2.3:a:openbsd:openssh:4.4:-
cpe:2.3:a:openbsd:openssh:*:* 		8.6

9.8
4.4 		2024-11-21 18:49
2024-07-1 		Show GitHub Exploit DB Packet Storm
7 6.5
- 		MEDIUM
Network 		In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For examp… CWE-78
OS Command  		CVE-2023-51385 cpe:2.3:a:openbsd:openssh:*:* 9.6 2024-11-21 17:37
2023-12-19 		Show GitHub Exploit DB Packet Storm
8 5.5
- 		MEDIUM
Local 		In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these const… NVD-CWE-noinfo
CVE-2023-51384 cpe:2.3:a:openbsd:openssh:*:* 8.9 9.6 2024-11-21 17:37
2023-12-19 		Show GitHub Exploit DB Packet Storm
9 5.9
- 		MEDIUM
Network 		The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from… CWE-354
 Improper Validation of Integrity Check Value 		CVE-2023-48795 cpe:2.3:a:openbsd:openssh:*:* 9.6 2024-11-21 17:32
2023-12-19 		Show GitHub Exploit DB Packet Storm
10 9.8
- 		CRITICAL
Network 		The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Co… CWE-428
 Unquoted Search Path or Element 		CVE-2023-38408 cpe:2.3:a:openbsd:openssh:9.3:p1
cpe:2.3:a:openbsd:openssh:9.3:-
cpe:2.3:a:openbsd:openssh:*:* 		9.3 2024-11-21 17:13
2023-07-20 		Show GitHub Exploit DB Packet Storm