Rust-openssl Project Rust-openssl — known CVE vulnerabilities
Every CVE whose affected-product data names Rust-openssl Project Rust-openssl, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2026-41681 — CVSS 9.8 (critical): rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes…
CVE-2018-20997 — CVSS 9.8 (critical): An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing.
CVE-2026-41676 — CVSS 9.8 (critical): rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and…
CVE-2026-41898 — CVSS 9.8 (critical): rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind…
CVE-2026-41678 — CVSS 9.8 (critical): rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrap_key() contains an incorrect…
CVE-2026-41677 — CVSS 9.1 (critical): rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did…
CVE-2016-10931 — CVSS 8.1 (high): An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate…