oss-security mailing list

Follow @Openwall on Twitter for new release announcements and other news

oss-security mailing list

	Jan	Feb	Mar	Apr	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec
2026	141	103	71
2025	92	75	93	105	94	100	69	75	107	112	106	140
2024	80	100	178	197	72	47	128	107	58	52	87	44
2023	69	62	100	107	99	78	87	60	122	198	86	101
2022	116	50	47	79	83	58	77	86	76	70	95	108
2021	92	91	98	90	88	59	61	82	49	76	60	47
2020	52	47	38	82	70	67	76	64	71	85	90	66
2019	102	48	49	86	51	103	107	80	71	75	67	70
2018	122	81	84	81	71	104	71	135	78	120	75	84
2017	252	278	171	171	209	278	225	157	214	162	196	93
2016	258	207	271	183	267	193	214	184	287	294	257	241
2015	377	336	355	319	277	243	266	197	195	206	205	208
2014	214	252	249	211	183	317	273	201	413	485	382	318
2013	217	323	246	258	200	201	260	265	163	203	182	199
2012	333	189	294	216	234	128	150	207	234	192	191	161
2011	153	169	318	354	159	224	258	164	137	203	241	146
2010	72	96	123	118	115	142	119	144	203	84	187	139
2009	89	81	75	114	96	59	84	99	102	122	108	74
2008		104	103	143	136	112	150	125	127	123	128	107

Recent messages:

2026/03/14 #1: Re: Remote Pre-Auth Buffer Overflow in GNU Inetutils telnetd (LINEMODE SLC) (Collin Funk <collin.funk1@...il.com>)
2026/03/13 #4: CVE-2025-54920: Apache Spark: Spark History Server Code Execution Vulnerability (Holden Karau <holden@...che.org>)
2026/03/13 #3: OpenSSL Security Advisory (Tomas Mraz <tomas@...nssl.foundation>)
2026/03/13 #2: Re: Some telnet clients leak environment variables (Stuart Henderson <stu@...cehopper.org>)
2026/03/13 #1: Some telnet clients leak environment variables (Justin Swartz <justin.swartz@...ingedge.co.za>)
2026/03/12 #10: Re: Remote Pre-Auth Buffer Overflow in GNU Inetutils telnetd (LINEMODE SLC) (Solar Designer <solar@...nwall.com>)
2026/03/12 #9: Re: Remote Pre-Auth Buffer Overflow in GNU Inetutils telnetd (LINEMODE SLC) (Paul Eggert <eggert@...ucla.edu>)
2026/03/12 #8: Re: Remote Pre-Auth Buffer Overflow in GNU Inetutils telnetd (LINEMODE SLC) (Collin Funk <collin.funk1@...il.com>)
2026/03/12 #7: Re: Multiple vulnerabilities in AppArmor (Qualys Security Advisory <qsa@...lys.com>)
2026/03/12 #6: Multiple vulnerabilities in AppArmor (Qualys Security Advisory <qsa@...lys.com>)
2026/03/12 #5: Re: Remote Pre-Auth Buffer Overflow in GNU Inetutils telnetd (LINEMODE SLC) (Solar Designer <solar@...nwall.com>)
2026/03/12 #4: Remote Pre-Auth Buffer Overflow in GNU Inetutils telnetd (LINEMODE SLC) (Justin Swartz <justin.swartz@...ingedge.co.za>)
2026/03/12 #3: OpenSSH GSSAPI keyex patch issue (Marc Deslauriers <marc.deslauriers@...onical.com>)
2026/03/12 #2: CVE-2025-66249: Apache Livy: Unauthorized directory access (György Gál <ggal@...che.org>)
2026/03/12 #1: CVE-2025-60012: Apache Livy: Restrict file access (György Gál <ggal@...che.org>)
2026/03/11 #6: [vim-security] NFA regex engine NULL pointer dereference affects Vim < 9.2.0137 (Christian Brabandt <cb@...bit.org>)
2026/03/11 #5: The GNU C Library security advisory update for 2026-03-11 (Siddhesh Poyarekar <siddhesh.poyarekar@...il.com>)
2026/03/11 #4: [ADVISORY] curl: CVE-2026-3805: use after free in SMB connection reuse (Daniel Stenberg <daniel@...x.se>)
2026/03/11 #3: [ADVISORY] curl: CVE-2026-3784: wrong proxy connection reuse with credentials (Daniel Stenberg <daniel@...x.se>)
2026/03/11 #2: [ADVISORY] curl: CVE-2026-3783: token leak with redirect and netrc (Daniel Stenberg <daniel@...x.se>)
2026/03/11 #1: [ADVISORY] curl: CVE-2026-1965: bad reuse of HTTP Negotiate connection (Daniel Stenberg <daniel@...x.se>)
2026/03/10 #1: CVE-2026-23907: Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code (Tilman Hausherr <tilman@...che.org>)
2026/03/09 #8: [kubernetes] CVE-2026-3288: ingress-nginx rewrite-target nginx configuration injection (Tabitha Sable <tabitha.c.sable@...il.com>)
2026/03/09 #7: CVE-2026-28431+more: Misskey/Sharkey "extremely severe" vulnerabilities (Valtteri Vuorikoski <vuori@...com.org>)
2026/03/09 #6: CVE-2026-25604: Apache Airflow AWS Auth Manager - Host Header Injection Leading to SAML Authentication Bypass (Jarek Potiuk <potiuk@...che.org>)
2026/03/09 #5: CVE-2026-24015: Apache IoTDB: Insecure Default Configuration Vulnerability (Haonan Hou <haonan@...che.org>)
2026/03/09 #4: CVE-2026-24713: Apache IoTDB: JEXL Expression Injection Vulnerability (Haonan Hou <haonan@...che.org>)
2026/03/09 #3: CVE-2025-64152: Apache IoTDB: Path Traversal Vulnerability (Haonan Hou <haonan@...che.org>)
2026/03/09 #2: CVE-2025-55017: Apache IoTDB: Path Traversal Vulnerability (Haonan Hou <haonan@...che.org>)
2026/03/09 #1: CVE-2025-69219: Apache Airflow Providers Http: Unsafe Pickle Deserialization in apache-airflow-providers-http leading to RCE v… (Jarek Potiuk <potiuk@...che.org>)
2026/03/08 #11: Re: Telnetd Vulnerability Report (Solar Designer <solar@...nwall.com>)
2026/03/08 #10: Re: Telnetd Vulnerability Report (Justin Swartz <justin.swartz@...ingedge.co.za>)
2026/03/08 #9: Re: AWStats awdownloadcsv.pl command injection and path traversal vulnerabilities (Hanno Böck <hanno@...eck.de>)
2026/03/08 #8: AWStats awdownloadcsv.pl command injection and path traversal vulnerabilities ("christopher.downs" <christopher.downs@...ersecurity.com>)
2026/03/08 #7: Re: Telnetd Vulnerability Report (Solar Designer <solar@...nwall.com>)
2026/03/08 #6: Re: Telnetd Vulnerability Report (Justin Swartz <justin.swartz@...ingedge.co.za>)
2026/03/08 #5: Re: Re: Telnetd Vulnerability Report (Pat Gunn <pgunn01@...il.com>)
2026/03/08 #4: Re: Telnetd Vulnerability Report (Justin Swartz <justin.swartz@...ingedge.co.za>)
2026/03/08 #3: Re: Telnetd Vulnerability Report (Solar Designer <solar@...nwall.com>)
2026/03/08 #2: CVE-2026-30910: Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows (Timothy Legge <timlegge@...nsec.org>)
2026/03/08 #1: CVE-2026-30909: Crypt::NaCl::Sodium versions through 2.002 for Perl has potential integer overflows (Timothy Legge <timlegge@...nsec.org>)
2026/03/07 #5: CVE-2026-24308: Apache ZooKeeper: Sensitive information disclosure in client configuration handling (Andor Molnar <andor@...che.org>)
2026/03/07 #4: CVE-2026-24281: Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager (Andor Molnar <andor@...che.org>)
2026/03/07 #3: Re: Telnetd Vulnerability Report (Justin Swartz <justin.swartz@...ingedge.co.za>)
2026/03/07 #2: Re: CVE-2026-28372: Telnetd Vulnerability Report (Guillem Jover <guillem@...ian.org>)
2026/03/07 #1: Re: CVE-2026-28372: Telnetd Vulnerability Report (Salvatore Bonaccorso <carnil@...ian.org>)
2026/03/06 #4: CVE-2025-69534 in Python-Markdown (Alan Coopersmith <alan.coopersmith@...cle.com>)
2026/03/06 #3: Re: CVE-2026-28372: Telnetd Vulnerability Report (Guillem Jover <guillem@...ian.org>)
2026/03/06 #2: Re: CVE-2026-28372: Telnetd Vulnerability Report (Solar Designer <solar@...nwall.com>)
2026/03/06 #1: Go 1.26.1 and Go 1.25.8 are released with 5 CVE fixes (Alan Coopersmith <alan.coopersmith@...cle.com>)
2026/03/05 #7: CVE-2025-13350 for Ubuntu Linux kernel (Seth Arnold <seth.arnold@...onical.com>)
2026/03/05 #6: Fwd: [CVE-2026-2297] SourcelessFileLoader does not use io.open_code() (Alan Coopersmith <alan.coopersmith@...cle.com>)
2026/03/05 #5: CVE-2026-3381: Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib (Robert Rothenberg <rrwo@...n.org>)
2026/03/05 #4: CVE-2026-3257: UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite library (Robert Rothenberg <rrwo@...n.org>)
2026/03/05 #3: CVE-2025-40931: Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id (Robert Rothenberg <rrwo@...n.org>)
2026/03/05 #2: CVE-2025-40926: Plack::Middleware::Session::Simple versions through 0.04 for Perl generates session ids insecurely (Robert Rothenberg <rrwo@...n.org>)
2026/03/05 #1: CVE-2024-57854: Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator (Robert Rothenberg <rrwo@...n.org>)
2026/03/04 #1: Re: CVE-2026-27446: Apache Artemis, Apache ActiveMQ Artemis: Auth bypass for Core downstream federation (Yogesh Mittal <ymittal@...hat.com>)
2026/03/03 #8: Announcing FreeType 2.14.2, fixes CVE-2026-23865 (Alan Coopersmith <alan.coopersmith@...cle.com>)
2026/03/03 #7: Issue with AWS-LC: an open-source, general-purpose cryptographic library (CVE-2026-3336, CVE-2026-3337, CVE-2026-3338) (Jan Schaumann <jschauma@...meister.org>)
2026/03/03 #6: [OSSA-2026-003] OpenStack Vitrage: Remote code execution through Vitrage query parser (CVE-2026-28370) (Jeremy Stanley <fungi@...goth.org>)
2026/03/03 #5: CVE-2025-66168: Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining… ("Christopher L. Shannon" <cshannon@...c…)
2026/03/03 #4: CVE-2026-27446: Apache Artemis, Apache ActiveMQ Artemis: Auth bypass for Core downstream federation (Justin Bertram <jbertram@...che.org>)
2026/03/03 #3: Django CVE-2026-25673 and CVE-2026-25674 (Natalia Bidart <nataliabidart@...ngoproject.com>)
2026/03/03 #2: Re: OSEC-2026-01 in the OCaml runtime: Buffer Over-Read in OCaml Marshal Deserialization (Demi Marie Obenour <demiobenour@...il.com>)
2026/03/03 #1: Fwd: [siren] [Security Advisory] Active Exploitation of Weak GitHub Actions Configurations (Solar Designer <solar@...nwall.com>)
2026/03/02 #5: CVE-2025-59059: Apache Ranger: Remote Code Execution Vulnerability in NashornScriptEngineCreator (Velmurugan Periasamy <vel@...che.org>)
2026/03/02 #4: CVE-2025-59060: Apache Ranger: Hostname verification bypass in NiFiRegistryClient and NifiClient (Velmurugan Periasamy <vel@...che.org>)
2026/03/02 #3: Exiv2 version 0.28.8 released with fixes for 3 low-severity CVEs (Kevin Backhouse <kevin.backhouse@...il.com>)
2026/03/02 #2: Re: OSEC-2026-01 in the OCaml runtime: Buffer Over-Read in OCaml Marshal Deserialization (Florian Weimer <fweimer@...hat.com>)
2026/03/02 #1: Re: OSEC-2026-01 in the OCaml runtime: Buffer Over-Read in OCaml Marshal Deserialization (Demi Marie Obenour <demiobenour@...il.com>)
2026/02/27 #13: Fwd: CVE-2018-25160: HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids,… (Robert Rothenberg <rrwo@...n.org>)
2026/02/27 #12: CVE-2026-3255: HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand() function (Robert Rothenberg <rob@...tmail.net>)
2026/02/27 #11: [vim-security] Stack-buffer-overflow in build_stl_str_hl() affects Vim < 9.2.0078 (Christian Brabandt <cb@...bit.org>)
2026/02/27 #10: [vim-security] Multiple Vulnerabilities in Swap File Recovery affect Vim < 9.2.0077 (Christian Brabandt <cb@...bit.org>)
2026/02/27 #9: [vim-security] Heap-based Buffer Overflow and OOB Read in :terminal affects Vim < 9.2.0076 (Christian Brabandt <cb@...bit.org>)
2026/02/27 #8: [vim-security] Heap-based Buffer Underflow in Emacs tags parsing affects Vim < 9.2.0075 (Christian Brabandt <cb@...bit.org>)
2026/02/27 #7: [vim-security] Heap-based Buffer Overflow in Emacs tags parsing affects Vim < 9.2.0074 (Christian Brabandt <cb@...bit.org>)
2026/02/27 #6: [vim-security] OS Command Injection in netrw affects Vim < 9.2.0073 (Christian Brabandt <cb@...bit.org>)
2026/02/27 #5: Re: OSEC-2026-01 in the OCaml runtime: Buffer Over-Read in OCaml Marshal Deserialization (Florian Weimer <fweimer@...hat.com>)
2026/02/27 #4: OSEC-2026-01 in the OCaml runtime: Buffer Over-Read in OCaml Marshal Deserialization (Alan Coopersmith <alan.coopersmith@...cle.com>)
2026/02/27 #3: CVE-2026-28372: Telnetd Vulnerability Report (Guillem Jover <guillem@...ian.org>)
2026/02/27 #2: Re: Re: Telnetd Vulnerability Report (Demi Marie Obenour <demiobenour@...il.com>)
2026/02/27 #1: Re: Telnetd Vulnerability Report ("Lyndon Nerenberg (VE7TFX/VE6BBM)" <lyndon@...hanc.ca>)
2026/02/26 #4: Re: Telnetd Vulnerability Report (Albert Veli <albert.veli@...il.com>)
2026/02/26 #3: Re: Re: Telnetd Vulnerability Report (Florian Weimer <fweimer@...hat.com>)
2026/02/26 #2: CVE-2026-27900 - Sensitive Information Exposure in Debug Logs of Terraform Provider for Linode ("Liang, Zhiwei" <zliang@...mai.com>)
2026/02/26 #1: Re: Telnetd Vulnerability Report (Steffen Nurpmeso <steffen@...oden.eu>)
2026/02/25 #9: Re: Telnetd Vulnerability Report ("Lyndon Nerenberg (VE7TFX/VE6BBM)" <lyndon@...hanc.ca>)
2026/02/25 #8: Re: Telnetd Vulnerability Report (Marco Moock <mm@...fdsl.de>)
2026/02/25 #7: Re: Telnetd Vulnerability Report (Steffen Nurpmeso <steffen@...oden.eu>)
2026/02/25 #6: Re: OpenSSL Security Advisory (updated text for CVE-2025-15467) (Tomas Mraz <tomas@...nssl.org>)
2026/02/25 #5: Re: Telnetd Vulnerability Report (Solar Designer <solar@...nwall.com>)
2026/02/25 #4: Re: Telnetd Vulnerability Report (kf503bla@...k.com)
2026/02/25 #3: Re: Re: Telnetd Vulnerability Report (Marco Moock <mm@...fdsl.de>)
2026/02/25 #2: Re: Telnetd Vulnerability Report (Eddie Chapman <eddie@...k.net>)
2026/02/25 #1: Re: Telnetd Vulnerability Report (Justin Swartz <justin.swartz@...ingedge.co.za>)
2026/02/24 #16: Re: Telnetd Vulnerability Report (Eddie Chapman <eddie@...k.net>)
2026/02/24 #15: Re: Telnetd Vulnerability Report (Vincent Lefevre <vincent@...c17.net>)
2026/02/24 #14: Re: Unsound Workshop at ECOOP 2026 (Solar Designer <solar@...nwall.com>)

32182 messages

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.