openstack
295 tracked vulnerabilities.
CVE-2026-43001
HIGH
OpenStack Keystone 13-29 - Privilege Escalation
May 01, 2026
CVSS 7.9
EPSS 0.00
CVE-2026-42510
MEDIUM
OpenStack Ironic <=25.0.0 - Command Injection
Apr 28, 2026
CVSS 6.6
EPSS 0.01
CVE-2026-40683
HIGH
OpenStack Keystone <25.0.1 - Auth Bypass
Apr 14, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-40212
MEDIUM
OpenStack Skyline < 5.0.1, 6.0.0, 7.0.0 - DOM-based Cross-Site Scripting via Unsafe document.write
Apr 10, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-33551
LOW
OpenStack Keystone <26.1.1 - Privilege Escalation
Apr 10, 2026
CVSS 3.5
EPSS 0.00
CVE-2026-34881
MEDIUM
OpenStack Glance <29.1.1, 30.x<30.1.1, 31.0.0 SSRF via Image Import URL Redirect
Mar 31, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-28370
CRITICAL
OpenStack Vitrage <12.0.1,13.0.0,14.0.0,15.0.0 - Code Injection
Feb 27, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-24708
HIGH
OpenStack Nova <30.2.2 - Memory Corruption
Feb 18, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-22797
CRITICAL
OpenStack keystonemiddleware <10.7.2, 10.8, 10.9 before 10.9.1, 10....
Jan 19, 2026
CVSS 9.9
EPSS 0.01
CVE-2025-65073
HIGH
OpenStack Keystone < 26.0.1, 27.0.0, 28.0.0 - Incorrect Authorization via AWS Signature
Nov 17, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-44021
LOW
OpenStack Ironic < 24.1.3, 24-24.1.3, 25-26.1.1, 27-29.0.1 - Arbitrary File Write via Image Handling
May 08, 2025
CVSS 2.8
EPSS 0.00
CVE-2024-7319
MEDIUM
openstack-heat - Exposure of Sensitive Information via Stack Abandon Command
Aug 02, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-40767
MEDIUM
OpenStack Nova <27.4.1,28.2.1,29.1.1 - Info Disclosure
Jul 24, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-32498
MEDIUM
OpenStack <24.0.0, <28.0.2, <29.0.3 - Info Disclosure
Jul 05, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-28718
CRITICAL
OpenStack Magnum - Remote Code Execution via cert_manager.py TOCTOU Race Condition
Apr 12, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-29156
MEDIUM
OpenStack Murano <16.0.0 - Info Disclosure
Mar 18, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-1141
MEDIUM
python-glance-store - Info Disclosure
Feb 01, 2024
CVSS 5.5
EPSS 0.00
CVE-2023-1636
MEDIUM
OpenStack Barbican - Privilege Escalation
Sep 24, 2023
CVSS 6.0
EPSS 0.00
CVE-2023-1633
MEDIUM
OpenStack Barbican - Info Disclosure
Sep 24, 2023
CVSS 6.6
EPSS 0.00
CVE-2023-1625
HIGH
OpenStack Heat - Authenticated Information Disclosure via Stack Show Command
Sep 24, 2023
CVSS 7.4
EPSS 0.01
CVE-2022-45582
MEDIUM
OpenStack Horizon 19.4.0-20.1.4 - Open Redirect via success_url Parameter
Aug 22, 2023
CVSS 6.1
EPSS 0.01
CVE-2022-3146
MEDIUM
tripleo-ansible - Unauthenticated Sensitive Information Exposure via Insecure File Permissions
Mar 23, 2023
CVSS 5.5
EPSS 0.00
CVE-2022-3101
MEDIUM
tripleo-ansible - Information Disclosure via Insecure File Permissions
Mar 23, 2023
CVSS 5.5
EPSS 0.00
CVE-2022-4134
LOW
openstack-glance - Privilege Escalation
Mar 06, 2023
CVSS 2.8
EPSS 0.00
CVE-2022-3277
MEDIUM
openstack-neutron < 18.6.0 and >=19.0.0.0rc1 <19.5.0 - Authenticated Denial of Service via Security Group Query
Mar 06, 2023
CVSS 6.5
EPSS 0.01
Products
keystone 44
nova 39
folsom 25
neutron 25
horizon 22
essex 15
image_registry_and_delivery_service_\(glance\) 15
grizzly 14
swift 14
Ironic 12
compute 12
glance 12
havana 11
cinder 9
ironic 9
Keystone 8
heat 7
python-keystoneclient 7
barbican 5
tripleo_heat_templates 5
icehouse 4
keystonemiddleware 4
trove 3
Cyborg 2
Horizon 2
Neutron 2
Nova 2
Swift 2
ceilometer 2
cloud_magnum_orchestration 2
Quick Filters