Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/openvpn@0?distro=trixie

Type deb

Namespace debian

Name openvpn

Version 0

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.0.2-1

Latest_non_vulnerable_version 2.7.1-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-28zy-wt9q-5udk

vulnerability_id VCID-28zy-wt9q-5udk

summary The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-24974

reference_id

reference_type

scores

value	0.11092
scoring_system	epss
scoring_elements	0.9348
published_at	2026-04-18T12:55:00Z

value	0.11092
scoring_system	epss
scoring_elements	0.93428
published_at	2026-04-02T12:55:00Z

value	0.11092
scoring_system	epss
scoring_elements	0.93437
published_at	2026-04-07T12:55:00Z

value	0.11092
scoring_system	epss
scoring_elements	0.93445
published_at	2026-04-08T12:55:00Z

value	0.11092
scoring_system	epss
scoring_elements	0.93449
published_at	2026-04-09T12:55:00Z

value	0.11092
scoring_system	epss
scoring_elements	0.93454
published_at	2026-04-12T12:55:00Z

value	0.11092
scoring_system	epss
scoring_elements	0.93455
published_at	2026-04-13T12:55:00Z

value	0.11092
scoring_system	epss
scoring_elements	0.93475
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-24974

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://community.openvpn.net/openvpn/wiki/CVE-2024-24974

reference_id

CVE-2024-24974

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-30T18:38:55Z/

url

https://community.openvpn.net/openvpn/wiki/CVE-2024-24974

reference_url

https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html

reference_id

msg07534.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-30T18:38:55Z/

url

https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html

reference_url

https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/

reference_id

ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-30T18:38:55Z/

url

https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/

fixed_packages

url	pkg:deb/debian/openvpn@0?distro=trixie
purl	pkg:deb/debian/openvpn@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@0%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
purl	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.5.1-3%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.3-1%252Bdeb12u4%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.14-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.0-1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.1-1%3Fdistro=trixie

aliases CVE-2024-24974

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-28zy-wt9q-5udk

url VCID-5wv8-4q5c-4fev

vulnerability_id VCID-5wv8-4q5c-4fev

summary OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3606

reference_id

reference_type

scores

value	0.00047
scoring_system	epss
scoring_elements	0.14488
published_at	2026-04-01T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14551
published_at	2026-04-02T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14622
published_at	2026-04-04T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14431
published_at	2026-04-07T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14519
published_at	2026-04-08T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14573
published_at	2026-04-09T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14521
published_at	2026-04-11T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14483
published_at	2026-04-12T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14425
published_at	2026-04-13T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14319
published_at	2026-04-16T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14317
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3606

fixed_packages

url	pkg:deb/debian/openvpn@0?distro=trixie
purl	pkg:deb/debian/openvpn@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@0%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
purl	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.5.1-3%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.3-1%252Bdeb12u4%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.14-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.0-1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.1-1%3Fdistro=trixie

aliases CVE-2021-3606

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5wv8-4q5c-4fev

url VCID-6h6c-h3va-dbfk

vulnerability_id VCID-6h6c-h3va-dbfk

summary OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-10680

reference_id

reference_type

scores

value	0.00166
scoring_system	epss
scoring_elements	0.37783
published_at	2026-04-02T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41738
published_at	2026-04-18T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41732
published_at	2026-04-08T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41741
published_at	2026-04-09T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41763
published_at	2026-04-16T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.4173
published_at	2026-04-12T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41717
published_at	2026-04-13T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41755
published_at	2026-04-04T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41683
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-10680

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://community.openvpn.net/Security%20Announcements/CVE-2025-10680

reference_id

CVE-2025-10680

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-25T03:56:05Z/

url

https://community.openvpn.net/Security%20Announcements/CVE-2025-10680

reference_url

https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00149.html

reference_id

msg00149.html

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-25T03:56:05Z/

url

https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00149.html

fixed_packages

url	pkg:deb/debian/openvpn@0?distro=trixie
purl	pkg:deb/debian/openvpn@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@0%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
purl	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.5.1-3%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.3-1%252Bdeb12u4%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.14-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.0-1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.1-1%3Fdistro=trixie

aliases CVE-2025-10680

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6h6c-h3va-dbfk

url VCID-7k7e-z4tf-6uc4

vulnerability_id VCID-7k7e-z4tf-6uc4

summary Multiple vulnerabilities have been discovered in OpenVPN, the worst of which could lead to information disclosure.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-46850

reference_id

reference_type

scores

value	0.02037
scoring_system	epss
scoring_elements	0.83852
published_at	2026-04-18T12:55:00Z

value	0.02037
scoring_system	epss
scoring_elements	0.8383
published_at	2026-04-11T12:55:00Z

value	0.02037
scoring_system	epss
scoring_elements	0.83824
published_at	2026-04-12T12:55:00Z

value	0.02037
scoring_system	epss
scoring_elements	0.83819
published_at	2026-04-13T12:55:00Z

value	0.02037
scoring_system	epss
scoring_elements	0.83853
published_at	2026-04-16T12:55:00Z

value	0.02037
scoring_system	epss
scoring_elements	0.83767
published_at	2026-04-02T12:55:00Z

value	0.02037
scoring_system	epss
scoring_elements	0.83782
published_at	2026-04-04T12:55:00Z

value	0.02037
scoring_system	epss
scoring_elements	0.83784
published_at	2026-04-07T12:55:00Z

value	0.02037
scoring_system	epss
scoring_elements	0.83808
published_at	2026-04-08T12:55:00Z

value	0.02037
scoring_system	epss
scoring_elements	0.83814
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-46850

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055805
reference_id	1055805
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055805

reference_url

https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/

reference_id

access-server-security-update-cve-2023-46849-cve-2023-46850

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-15T14:59:47Z/

url

https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/

reference_url

https://community.openvpn.net/openvpn/wiki/CVE-2023-46850

reference_id

CVE-2023-46850

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-15T14:59:47Z/

url

https://community.openvpn.net/openvpn/wiki/CVE-2023-46850

reference_url

https://www.debian.org/security/2023/dsa-5555

reference_id

dsa-5555

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-15T14:59:47Z/

url

https://www.debian.org/security/2023/dsa-5555

reference_url	https://security.gentoo.org/glsa/202409-08
reference_id	GLSA-202409-08
reference_type
scores
url	https://security.gentoo.org/glsa/202409-08

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/

reference_id

L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-15T14:59:47Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/

reference_id

O54I7D753V6PU6XBU26FEROD2DSHEJQ4

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-15T14:59:47Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/

reference_url	https://usn.ubuntu.com/6484-1/
reference_id	USN-6484-1
reference_type
scores
url	https://usn.ubuntu.com/6484-1/

fixed_packages

url	pkg:deb/debian/openvpn@0?distro=trixie
purl	pkg:deb/debian/openvpn@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@0%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
purl	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.5.1-3%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u2?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.3-1%252Bdeb12u2%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.3-1%252Bdeb12u4%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.7-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.7-1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.14-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.0-1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.1-1%3Fdistro=trixie

aliases CVE-2023-46850

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7k7e-z4tf-6uc4

url VCID-9ymq-r7r1-4uh9

vulnerability_id VCID-9ymq-r7r1-4uh9

summary openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-9336

reference_id

reference_type

scores

value	0.00087
scoring_system	epss
scoring_elements	0.24888
published_at	2026-04-18T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24881
published_at	2026-04-13T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24894
published_at	2026-04-16T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24955
published_at	2026-04-01T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25033
published_at	2026-04-02T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25072
published_at	2026-04-04T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24847
published_at	2026-04-07T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24915
published_at	2026-04-08T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24962
published_at	2026-04-09T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24977
published_at	2026-04-11T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24937
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-9336

reference_url	https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
reference_id
reference_type
scores
url	https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/OpenVPN/openvpn/commit/1394192b210cb3c6624a7419bcf3ff966742e79b
reference_id
reference_type
scores
url	https://github.com/OpenVPN/openvpn/commit/1394192b210cb3c6624a7419bcf3ff966742e79b

reference_url	https://github.com/OpenVPN/openvpn/releases/tag/v2.4.6
reference_id
reference_type
scores
url	https://github.com/OpenVPN/openvpn/releases/tag/v2.4.6

reference_url	https://www.tenable.com/security/research/tra-2018-09
reference_id
reference_type
scores
url	https://www.tenable.com/security/research/tra-2018-09

reference_url	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.568761
reference_id
reference_type
scores
url	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.568761

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openvpn:openvpn::::::::
reference_id	cpe:2.3:a:openvpn:openvpn::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openvpn:openvpn::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:slackware:slackware_linux:13.0:::::::*
reference_id	cpe:2.3:o:slackware:slackware_linux:13.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:slackware:slackware_linux:13.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:slackware:slackware_linux:13.1:::::::*
reference_id	cpe:2.3:o:slackware:slackware_linux:13.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:slackware:slackware_linux:13.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:slackware:slackware_linux:13.37:::::::*
reference_id	cpe:2.3:o:slackware:slackware_linux:13.37:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:slackware:slackware_linux:13.37:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:slackware:slackware_linux:14.0:::::::*
reference_id	cpe:2.3:o:slackware:slackware_linux:14.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:slackware:slackware_linux:14.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:slackware:slackware_linux:14.1:::::::*
reference_id	cpe:2.3:o:slackware:slackware_linux:14.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:slackware:slackware_linux:14.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-9336

reference_id

CVE-2018-9336

reference_type

scores

value	4.6
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:P/I:P/A:P

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-9336

fixed_packages

url	pkg:deb/debian/openvpn@0?distro=trixie
purl	pkg:deb/debian/openvpn@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@0%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
purl	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.5.1-3%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.3-1%252Bdeb12u4%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.14-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.0-1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.1-1%3Fdistro=trixie

aliases CVE-2018-9336

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ymq-r7r1-4uh9

url VCID-ayrd-g1eb-h3dt

vulnerability_id VCID-ayrd-g1eb-h3dt

summary OpenVPN: OpenVPN: Local denial of service vulnerability in interactive service agent

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13751.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13751.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-13751

reference_id

reference_type

scores

value	0.00016
scoring_system	epss
scoring_elements	0.0369
published_at	2026-04-02T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10768
published_at	2026-04-18T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10891
published_at	2026-04-08T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10944
published_at	2026-04-09T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10946
published_at	2026-04-11T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10913
published_at	2026-04-12T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.1089
published_at	2026-04-13T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10755
published_at	2026-04-16T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.1099
published_at	2026-04-04T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10815
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-13751

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2418624
reference_id	2418624
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2418624

reference_url

https://community.openvpn.net/Security%20Announcements/CVE-2025-13751

reference_id

CVE-2025-13751

reference_type

scores

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Clear

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:32:17Z/

url

https://community.openvpn.net/Security%20Announcements/CVE-2025-13751

reference_url

https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00153.html

reference_id

msg00153.html

reference_type

scores

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Clear

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:32:17Z/

url

https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00153.html

reference_url

https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00154.html

reference_id

msg00154.html

reference_type

scores

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Clear

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:32:17Z/

url

https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00154.html

fixed_packages

url	pkg:deb/debian/openvpn@0?distro=trixie
purl	pkg:deb/debian/openvpn@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@0%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
purl	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.5.1-3%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.3-1%252Bdeb12u4%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.14-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.0-1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.1-1%3Fdistro=trixie

aliases CVE-2025-13751

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ayrd-g1eb-h3dt

url VCID-hr11-3ew1-4fgk

vulnerability_id VCID-hr11-3ew1-4fgk

summary OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-2704

reference_id

reference_type

scores

value	0.00572
scoring_system	epss
scoring_elements	0.68723
published_at	2026-04-18T12:55:00Z

value	0.00572
scoring_system	epss
scoring_elements	0.68625
published_at	2026-04-02T12:55:00Z

value	0.00572
scoring_system	epss
scoring_elements	0.68712
published_at	2026-04-16T12:55:00Z

value	0.00572
scoring_system	epss
scoring_elements	0.68699
published_at	2026-04-12T12:55:00Z

value	0.00572
scoring_system	epss
scoring_elements	0.6867
published_at	2026-04-13T12:55:00Z

value	0.00572
scoring_system	epss
scoring_elements	0.68643
published_at	2026-04-04T12:55:00Z

value	0.00572
scoring_system	epss
scoring_elements	0.6862
published_at	2026-04-07T12:55:00Z

value	0.00572
scoring_system	epss
scoring_elements	0.68671
published_at	2026-04-08T12:55:00Z

value	0.00572
scoring_system	epss
scoring_elements	0.68689
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-2704

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101935
reference_id	1101935
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101935

reference_url

https://community.openvpn.net/openvpn/wiki/CVE-2025-2704

reference_id

CVE-2025-2704

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T17:20:44Z/

url

https://community.openvpn.net/openvpn/wiki/CVE-2025-2704

reference_url	https://usn.ubuntu.com/7411-1/
reference_id	USN-7411-1
reference_type
scores
url	https://usn.ubuntu.com/7411-1/

fixed_packages

url	pkg:deb/debian/openvpn@0?distro=trixie
purl	pkg:deb/debian/openvpn@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@0%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
purl	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.5.1-3%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u3?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.3-1%252Bdeb12u3%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.3-1%252Bdeb12u4%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.14-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.14-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.14-1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.14-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.0-1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.1-1%3Fdistro=trixie

aliases CVE-2025-2704

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hr11-3ew1-4fgk

url VCID-junc-6y8j-cbe2

vulnerability_id VCID-junc-6y8j-cbe2

summary OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-28882

reference_id

reference_type

scores

value	0.00345
scoring_system	epss
scoring_elements	0.5714
published_at	2026-04-18T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.57145
published_at	2026-04-09T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.57157
published_at	2026-04-11T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.57137
published_at	2026-04-12T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.57117
published_at	2026-04-13T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.57144
published_at	2026-04-16T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.57093
published_at	2026-04-07T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.57116
published_at	2026-04-04T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.57143
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-28882

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074488
reference_id	1074488
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074488

reference_url

https://community.openvpn.net/openvpn/wiki/CVE-2024-28882

reference_id

CVE-2024-28882

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-09T14:48:10Z/

url

https://community.openvpn.net/openvpn/wiki/CVE-2024-28882

reference_url

https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html

reference_id

msg07634.html

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-09T14:48:10Z/

url

https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html

reference_url	https://usn.ubuntu.com/6860-1/
reference_id	USN-6860-1
reference_type
scores
url	https://usn.ubuntu.com/6860-1/

fixed_packages

url	pkg:deb/debian/openvpn@0?distro=trixie
purl	pkg:deb/debian/openvpn@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@0%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
purl	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.5.1-3%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u3?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.3-1%252Bdeb12u3%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.3-1%252Bdeb12u4%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.11-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.11-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.11-1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.14-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.0-1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.1-1%3Fdistro=trixie

aliases CVE-2024-28882

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-junc-6y8j-cbe2

url VCID-pspa-n4yc-j7hr

vulnerability_id VCID-pspa-n4yc-j7hr

summary The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-27459

reference_id

reference_type

scores

value	0.05418
scoring_system	epss
scoring_elements	0.90164
published_at	2026-04-18T12:55:00Z

value	0.05418
scoring_system	epss
scoring_elements	0.90119
published_at	2026-04-04T12:55:00Z

value	0.05418
scoring_system	epss
scoring_elements	0.90123
published_at	2026-04-07T12:55:00Z

value	0.05418
scoring_system	epss
scoring_elements	0.90139
published_at	2026-04-08T12:55:00Z

value	0.05418
scoring_system	epss
scoring_elements	0.90145
published_at	2026-04-09T12:55:00Z

value	0.05418
scoring_system	epss
scoring_elements	0.90153
published_at	2026-04-11T12:55:00Z

value	0.05418
scoring_system	epss
scoring_elements	0.90152
published_at	2026-04-12T12:55:00Z

value	0.05418
scoring_system	epss
scoring_elements	0.90147
published_at	2026-04-13T12:55:00Z

value	0.05418
scoring_system	epss
scoring_elements	0.90107
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-27459

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://community.openvpn.net/openvpn/wiki/CVE-2024-27459

reference_id

CVE-2024-27459

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-23T15:31:20Z/

url

https://community.openvpn.net/openvpn/wiki/CVE-2024-27459

reference_url

https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html

reference_id

msg07534.html

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-23T15:31:20Z/

url

https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html

reference_url

https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/

reference_id

ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-23T15:31:20Z/

url

https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/

fixed_packages

url	pkg:deb/debian/openvpn@0?distro=trixie
purl	pkg:deb/debian/openvpn@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@0%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
purl	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.5.1-3%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.3-1%252Bdeb12u4%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.14-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.0-1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.1-1%3Fdistro=trixie

aliases CVE-2024-27459

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pspa-n4yc-j7hr

url VCID-qw3z-yr6x-2uhd

vulnerability_id VCID-qw3z-yr6x-2uhd

summary OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-27903

reference_id

reference_type

scores

value	0.06993
scoring_system	epss
scoring_elements	0.91483
published_at	2026-04-18T12:55:00Z

value	0.06993
scoring_system	epss
scoring_elements	0.91437
published_at	2026-04-07T12:55:00Z

value	0.06993
scoring_system	epss
scoring_elements	0.91449
published_at	2026-04-08T12:55:00Z

value	0.06993
scoring_system	epss
scoring_elements	0.91456
published_at	2026-04-09T12:55:00Z

value	0.06993
scoring_system	epss
scoring_elements	0.91462
published_at	2026-04-11T12:55:00Z

value	0.06993
scoring_system	epss
scoring_elements	0.91465
published_at	2026-04-12T12:55:00Z

value	0.06993
scoring_system	epss
scoring_elements	0.91463
published_at	2026-04-13T12:55:00Z

value	0.06993
scoring_system	epss
scoring_elements	0.91487
published_at	2026-04-16T12:55:00Z

value	0.06993
scoring_system	epss
scoring_elements	0.9142
published_at	2026-04-02T12:55:00Z

value	0.06993
scoring_system	epss
scoring_elements	0.91429
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-27903

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://community.openvpn.net/openvpn/wiki/CVE-2024-27903

reference_id

CVE-2024-27903

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-08T14:29:39Z/

url

https://community.openvpn.net/openvpn/wiki/CVE-2024-27903

reference_url

https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html

reference_id

msg07534.html

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-08T14:29:39Z/

url

https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html

reference_url

https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/

reference_id

ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-08T14:29:39Z/

url

https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/

fixed_packages

url	pkg:deb/debian/openvpn@0?distro=trixie
purl	pkg:deb/debian/openvpn@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@0%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
purl	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.5.1-3%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.3-1%252Bdeb12u4%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.14-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.0-1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.1-1%3Fdistro=trixie

aliases CVE-2024-27903

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qw3z-yr6x-2uhd

url VCID-qwa7-cv2s-53hp

vulnerability_id VCID-qwa7-cv2s-53hp

summary Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-12106

reference_id

reference_type

scores

value	0.00073
scoring_system	epss
scoring_elements	0.22136
published_at	2026-04-18T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22142
published_at	2026-04-16T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29775
published_at	2026-04-07T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29916
published_at	2026-04-02T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29837
published_at	2026-04-08T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29872
published_at	2026-04-09T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29881
published_at	2026-04-11T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29836
published_at	2026-04-12T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29785
published_at	2026-04-13T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29963
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-12106

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://community.openvpn.net/Security%20Announcements/CVE-2025-12106

reference_id

CVE-2025-12106

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:49:24Z/

url

https://community.openvpn.net/Security%20Announcements/CVE-2025-12106

reference_url

https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00152.html

reference_id

msg00152.html

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:49:24Z/

url

https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00152.html

fixed_packages

url	pkg:deb/debian/openvpn@0?distro=trixie
purl	pkg:deb/debian/openvpn@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@0%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
purl	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.5.1-3%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.3-1%252Bdeb12u4%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.14-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.0-1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.1-1%3Fdistro=trixie

aliases CVE-2025-12106

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qwa7-cv2s-53hp

url VCID-rprb-r52n-7ygu

vulnerability_id VCID-rprb-r52n-7ygu

summary OpenVPN: OpenVPN: Improper validation of source IP addresses leads to denial of service

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13086.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13086.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-13086

reference_id

reference_type

scores

value	0.00046
scoring_system	epss
scoring_elements	0.13879
published_at	2026-04-18T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.13888
published_at	2026-04-16T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19203
published_at	2026-04-02T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.27973
published_at	2026-04-07T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28177
published_at	2026-04-04T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28041
published_at	2026-04-08T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28083
published_at	2026-04-09T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.2809
published_at	2026-04-11T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28046
published_at	2026-04-12T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.27989
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-13086

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121086
reference_id	1121086
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121086

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2418671
reference_id	2418671
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2418671

reference_url

https://community.openvpn.net/Security%20Announcements/CVE-2025-13086

reference_id

CVE-2025-13086

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:48:54Z/

url

https://community.openvpn.net/Security%20Announcements/CVE-2025-13086

reference_url

https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00151.html

reference_id

msg00151.html

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:48:54Z/

url

https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00151.html

reference_url

https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00152.html

reference_id

msg00152.html

reference_type

scores

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:48:54Z/

url

https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00152.html

reference_url	https://usn.ubuntu.com/7898-1/
reference_id	USN-7898-1
reference_type
scores
url	https://usn.ubuntu.com/7898-1/

fixed_packages

url	pkg:deb/debian/openvpn@0?distro=trixie
purl	pkg:deb/debian/openvpn@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@0%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
purl	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.5.1-3%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.3-1%252Bdeb12u4%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.14-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.0~rc2-2?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.0~rc2-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.0~rc2-2%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.0-1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.1-1%3Fdistro=trixie

aliases CVE-2025-13086

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rprb-r52n-7ygu

url VCID-ttj5-upnp-3qfd

vulnerability_id VCID-ttj5-upnp-3qfd

summary Multiple vulnerabilities have been discovered in OpenVPN, the worst of which could lead to information disclosure.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-46849

reference_id

reference_type

scores

value	0.00478
scoring_system	epss
scoring_elements	0.64939
published_at	2026-04-07T12:55:00Z

value	0.00478
scoring_system	epss
scoring_elements	0.64949
published_at	2026-04-02T12:55:00Z

value	0.00478
scoring_system	epss
scoring_elements	0.64989
published_at	2026-04-08T12:55:00Z

value	0.00478
scoring_system	epss
scoring_elements	0.64976
published_at	2026-04-04T12:55:00Z

value	0.00478
scoring_system	epss
scoring_elements	0.65029
published_at	2026-04-18T12:55:00Z

value	0.00478
scoring_system	epss
scoring_elements	0.65019
published_at	2026-04-16T12:55:00Z

value	0.00478
scoring_system	epss
scoring_elements	0.64983
published_at	2026-04-13T12:55:00Z

value	0.00478
scoring_system	epss
scoring_elements	0.65011
published_at	2026-04-12T12:55:00Z

value	0.00478
scoring_system	epss
scoring_elements	0.65021
published_at	2026-04-11T12:55:00Z

value	0.00478
scoring_system	epss
scoring_elements	0.65004
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-46849

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055805
reference_id	1055805
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055805

reference_url

https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/

reference_id

access-server-security-update-cve-2023-46849-cve-2023-46850

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-11T14:28:40Z/

url

https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/

reference_url

https://community.openvpn.net/openvpn/wiki/CVE-2023-46849

reference_id

CVE-2023-46849

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-11T14:28:40Z/

url

https://community.openvpn.net/openvpn/wiki/CVE-2023-46849

reference_url

https://www.debian.org/security/2023/dsa-5555

reference_id

dsa-5555

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-11T14:28:40Z/

url

https://www.debian.org/security/2023/dsa-5555

reference_url	https://security.gentoo.org/glsa/202409-08
reference_id	GLSA-202409-08
reference_type
scores
url	https://security.gentoo.org/glsa/202409-08

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/

reference_id

L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-11T14:28:40Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/

reference_id

O54I7D753V6PU6XBU26FEROD2DSHEJQ4

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-11T14:28:40Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/

reference_url	https://usn.ubuntu.com/6484-1/
reference_id	USN-6484-1
reference_type
scores
url	https://usn.ubuntu.com/6484-1/

fixed_packages

url	pkg:deb/debian/openvpn@0?distro=trixie
purl	pkg:deb/debian/openvpn@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@0%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
purl	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.5.1-3%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u2?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.3-1%252Bdeb12u2%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.3-1%252Bdeb12u4%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.7-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.7-1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.14-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.0-1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.1-1%3Fdistro=trixie

aliases CVE-2023-46849

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ttj5-upnp-3qfd

url VCID-w1eu-fbhk-pucv

vulnerability_id VCID-w1eu-fbhk-pucv

summary OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-4877

reference_id

reference_type

scores

value	0.00234
scoring_system	epss
scoring_elements	0.46304
published_at	2026-04-18T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.4627
published_at	2026-04-11T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46241
published_at	2026-04-12T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46251
published_at	2026-04-13T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46308
published_at	2026-04-16T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46221
published_at	2026-04-02T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.4624
published_at	2026-04-04T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46188
published_at	2026-04-07T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46244
published_at	2026-04-08T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46246
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-4877

reference_url

https://community.openvpn.net/openvpn/wiki/CVE-2024-4877

reference_id

CVE-2024-4877

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-04T13:23:24Z/

url

https://community.openvpn.net/openvpn/wiki/CVE-2024-4877

reference_url

https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html

reference_id

msg07634.html

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-04T13:23:24Z/

url

https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html

fixed_packages

url	pkg:deb/debian/openvpn@0?distro=trixie
purl	pkg:deb/debian/openvpn@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@0%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
purl	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.5.1-3%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.3-1%252Bdeb12u4%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.14-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.0-1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.1-1%3Fdistro=trixie

aliases CVE-2024-4877

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w1eu-fbhk-pucv

url VCID-xwnt-nju3-yybg

vulnerability_id VCID-xwnt-nju3-yybg

summary Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 allows remote authenticated users to trigger an assert resulting in a denial of service

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-15497

reference_id

reference_type

scores

value	0.00057
scoring_system	epss
scoring_elements	0.18177
published_at	2026-04-04T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.18124
published_at	2026-04-02T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17878
published_at	2026-04-07T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20579
published_at	2026-04-18T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20689
published_at	2026-04-11T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20646
published_at	2026-04-12T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20593
published_at	2026-04-13T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20581
published_at	2026-04-16T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.2061
published_at	2026-04-08T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20669
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-15497

reference_url

https://community.openvpn.net/Security%20Announcements/CVE-2025-15497

reference_id

CVE-2025-15497

reference_type

scores

value	3.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-30T19:29:17Z/

url

https://community.openvpn.net/Security%20Announcements/CVE-2025-15497

reference_url

https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00156.html

reference_id

msg00156.html

reference_type

scores

value	3.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-30T19:29:17Z/

url

https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00156.html

fixed_packages

url	pkg:deb/debian/openvpn@0?distro=trixie
purl	pkg:deb/debian/openvpn@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@0%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
purl	pkg:deb/debian/openvpn@2.5.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.5.1-3%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.3-1%2Bdeb12u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.3-1%252Bdeb12u4%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.6.14-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.0~rc5-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.0~rc5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.0~rc5-1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.0-1%3Fdistro=trixie

url	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
purl	pkg:deb/debian/openvpn@2.7.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@2.7.1-1%3Fdistro=trixie

aliases CVE-2025-15497

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xwnt-nju3-yybg

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openvpn@0%3Fdistro=trixie

Package Instance