Ssh

This hub aggregates every CVE we track for Ssh, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Ssh.

• CVE-2025-47913Potential denial of service in golang.org/x/crypto/ssh/agent7.5Nov 13, 2025
• CVE-2025-22869Potential denial of service in golang.org/x/crypto7.5Feb 26, 2025
• CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (fr...5.9Dec 18, 2023
• CVE-2021-43565The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.7.5Sep 6, 2022
• CVE-2022-30959A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials ...6.5May 17, 2022
• CVE-2022-30958A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs ob...8.8May 17, 2022
• CVE-2022-30957A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.4.3May 17, 2022
• CVE-2022-27191The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.7.5Mar 18, 2022
• CVE-2020-29652A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.7.5Dec 17, 2020
• CVE-2017-1000245The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.9.8Nov 1, 2017
• CVE-2011-0766The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, wh...7.8May 31, 2011
• CVE-2002-1715SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script t...7.2Jun 21, 2005
• CVE-2001-1473The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the t...7.5Apr 21, 2005
• CVE-2001-1470The IDEA cipher as implemented by SSH1 does not protect the final block of a message against modification, which allows remote attackers to modify the block without detection by changing its cyclic...5.0Apr 21, 2005
• CVE-2001-1476SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" option enabled, makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certai...7.5Apr 21, 2005