Crypto

This hub aggregates every CVE we track for Crypto, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Crypto.

• CVE-2026-46595Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh10.0May 22, 2026
• CVE-2026-46598Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent5.3May 22, 2026
• CVE-2026-42508Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts9.1May 22, 2026
• CVE-2026-39827Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh6.5May 22, 2026
• CVE-2026-39834Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh9.1May 22, 2026
• CVE-2026-39830Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh9.1May 22, 2026
• CVE-2026-39831Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh9.1May 22, 2026
• CVE-2026-39829Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh7.5May 22, 2026
• CVE-2026-46597Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh7.5May 22, 2026
• CVE-2026-39828Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh6.3May 22, 2026
• CVE-2026-39835Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh5.3May 22, 2026
• CVE-2026-39833Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent9.1May 22, 2026
• CVE-2026-39832Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent9.1May 22, 2026
• CVE-2026-22863Deno node:crypto doesn't finalize cipher7.5Jan 15, 2026
• CVE-2025-47914Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent5.3Nov 19, 2025