Skip to content

[automatic] Publish 40 advisories for OpenSSL_jll, Openresty_jll and libnode_jll #206

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[automatic] Publish 40 advisories for OpenSSL_jll, Openresty_jll and libnode_jll #206

wants to merge 1 commit into from

Conversation

@jlsec-bot
Copy link
Contributor

@jlsec-bot jlsec-bot commented Oct 22, 2025
edited
Loading

This action searched --project=openssl, checking 256 (+8) advisories from NVD and 70 (+7) from EUVD for advisories that pertain here. It identified 40 advisories as being related to the Julia package(s): OpenSSL_jll, Openresty_jll, and libnode_jll.

40 advisories found concrete vulnerable ranges

  • CVE-2019-1547 for packages: OpenSSL_jll
    • OpenSSL_jll computed ["< 1.1.1+2"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll has no vulnerable versions; some versions contain vulnerable openssl:openssl. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2019-1549 for packages: OpenSSL_jll
    • OpenSSL_jll computed ["< 1.1.1+2"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll has no vulnerable versions; some versions contain vulnerable openssl:openssl. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2019-1551 for packages: OpenSSL_jll, and Openresty_jll
    • OpenSSL_jll computed ["< 1.1.1+2"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed ["< 1.19.9+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2019-1552 for packages: OpenSSL_jll
    • OpenSSL_jll computed ["< 1.1.1+2"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll has no vulnerable versions; some versions contain vulnerable openssl:openssl. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2019-1563 for packages: OpenSSL_jll
    • OpenSSL_jll computed ["< 1.1.1+2"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll has no vulnerable versions; some versions contain vulnerable openssl:openssl. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2020-1967 for packages: OpenSSL_jll
    • OpenSSL_jll computed [">= 1.1.1+2, < 1.1.10+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll has no vulnerable versions; some versions contain vulnerable openssl:openssl. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2020-1968 for packages: Openresty_jll
    • OpenSSL_jll has no vulnerable versions; some versions contain vulnerable openssl:openssl. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed ["< 1.19.9+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2020-1971 for packages: OpenSSL_jll, and Openresty_jll
    • libnode_jll has no vulnerable versions; some versions contain vulnerable nodejs:node.js. Its latest version (18.12.1+0) has components: {node-v = "18.12.1", nodejs = "18.12.1"}
    • OpenSSL_jll computed ["< 1.1.10+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed ["< 1.19.9+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2021-23839 for packages: Openresty_jll
    • OpenSSL_jll has no vulnerable versions; some versions contain vulnerable openssl:openssl. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed ["< 1.19.9+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2021-23840 for packages: OpenSSL_jll, and Openresty_jll
    • libnode_jll has no vulnerable versions; some versions contain vulnerable nodejs:node.js. Its latest version (18.12.1+0) has components: {node-v = "18.12.1", nodejs = "18.12.1"}
    • OpenSSL_jll computed ["< 1.1.10+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed ["< 1.19.9+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2021-23841 for packages: OpenSSL_jll, and Openresty_jll
    • OpenSSL_jll computed ["< 1.1.10+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed ["< 1.19.9+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2021-3449 for packages: OpenSSL_jll
    • libnode_jll has no vulnerable versions; some versions contain vulnerable nodejs:node.js. Its latest version (18.12.1+0) has components: {node-v = "18.12.1", nodejs = "18.12.1"}
    • OpenSSL_jll computed ["< 1.1.10+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll has no vulnerable versions; some versions contain vulnerable openssl:openssl. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2021-3711 for packages: OpenSSL_jll
    • OpenSSL_jll computed ["< 1.1.13+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll has no vulnerable versions; some versions contain vulnerable openssl:openssl. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2021-3712 for packages: OpenSSL_jll, and Openresty_jll
    • OpenSSL_jll computed ["< 1.1.13+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed ["< 1.19.9+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2021-4160 for packages: OpenSSL_jll, and Openresty_jll
    • OpenSSL_jll computed ["< 1.1.13+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed ["< 1.21.4+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2022-0778 for packages: libnode_jll, OpenSSL_jll, and Openresty_jll
    • libnode_jll computed ["< 16.17.0+0"]. Its latest version (18.12.1+0) has components: {node-v = "18.12.1", nodejs = "18.12.1"}
    • OpenSSL_jll computed ["< 1.1.14+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • MariaDB_Connector_C_jll has no vulnerable versions; some versions contain vulnerable mariadb:mariadb. Its latest version (3.3.9+0) has components: {mariadb-connector-c = "3.3.9"}
    • Openresty_jll computed ["< 1.21.4+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2022-1292 for packages: OpenSSL_jll, and Openresty_jll
    • OpenSSL_jll computed ["< 1.1.16+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed ["< 1.21.4+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2022-2068 for packages: OpenSSL_jll, and Openresty_jll
    • OpenSSL_jll computed ["< 1.1.16+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed ["< 1.21.4+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2022-2097 for packages: OpenSSL_jll, and Openresty_jll
    • OpenSSL_jll computed ["< 1.1.17+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed [">= 1.19.9+0, < 1.27.1+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2022-4304 for packages: OpenSSL_jll, and Openresty_jll
    • OpenSSL_jll computed ["< 1.1.20+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed ["< 1.27.1+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2022-4450 for packages: OpenSSL_jll, and Openresty_jll
    • OpenSSL_jll computed ["< 1.1.20+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed [">= 1.19.9+0, < 1.27.1+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2023-0215 for packages: OpenSSL_jll, and Openresty_jll
    • OpenSSL_jll computed ["< 1.1.20+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed ["< 1.27.1+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2023-0286 for packages: OpenSSL_jll, and Openresty_jll
    • OpenSSL_jll computed ["< 1.1.20+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed ["< 1.27.1+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2023-0464 for packages: OpenSSL_jll, and Openresty_jll
    • OpenSSL_jll computed ["< 1.1.21+0", ">= 3.0.8+0, < 3.0.9+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed ["< 1.27.1+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2023-0465 for packages: OpenSSL_jll, and Openresty_jll
    • OpenSSL_jll computed ["< 1.1.21+0", ">= 3.0.8+0, < 3.0.9+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed ["< 1.27.1+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2023-0466 for packages: OpenSSL_jll, and Openresty_jll
    • OpenSSL_jll computed ["< 1.1.21+0", ">= 3.0.8+0, < 3.0.9+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed ["< 1.27.1+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2023-1255 for packages: OpenSSL_jll
    • OpenSSL_jll computed [">= 3.0.8+0, < 3.0.9+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll has no vulnerable versions; some versions contain vulnerable openssl:openssl. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2023-2650 for packages: OpenSSL_jll, and Openresty_jll
    • OpenSSL_jll computed ["< 1.1.21+0", ">= 3.0.8+0, < 3.0.9+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed ["< 1.27.1+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2023-2975 for packages: OpenSSL_jll
    • OpenSSL_jll computed [">= 3.0.8+0, < 3.0.10+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll has no vulnerable versions; some versions contain vulnerable openssl:openssl. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2023-3817 for packages: OpenSSL_jll, and Openresty_jll
    • OpenSSL_jll computed ["< 1.1.22+0", ">= 3.0.8+0, < 3.0.10+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed ["< 1.27.1+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2023-4807 for packages: OpenSSL_jll, and Openresty_jll
    • OpenSSL_jll computed ["< 1.1.23+0", ">= 3.0.8+0, < 3.0.11+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed [">= 1.19.9+0, < 1.27.1+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2023-5363 for packages: OpenSSL_jll
    • OpenSSL_jll computed [">= 3.0.8+0, < 3.0.12+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll has no vulnerable versions; some versions contain vulnerable openssl:openssl. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2023-5678 for packages: OpenSSL_jll, and Openresty_jll
    • OpenSSL_jll computed ["< 3.0.13+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed ["< 1.27.1+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2023-6129 for packages: OpenSSL_jll
    • OpenSSL_jll computed [">= 3.0.8+0, < 3.0.13+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll has no vulnerable versions; some versions contain vulnerable openssl:openssl. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2024-0727 for packages: OpenSSL_jll, and Openresty_jll
    • OpenSSL_jll computed ["< 3.0.13+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed ["< 1.27.1+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2024-5535 for packages: OpenSSL_jll, and Openresty_jll
    • OpenSSL_jll computed ["< 3.0.15+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed ["< 1.27.1+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2024-6119 for packages: OpenSSL_jll
    • OpenSSL_jll computed [">= 3.0.8+0, < 3.0.15+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll has no vulnerable versions; some versions contain vulnerable openssl:openssl. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2025-4575 for packages: OpenSSL_jll
    • OpenSSL_jll computed [">= 3.5.0+0, < 3.5.1+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll has no vulnerable versions; some versions contain vulnerable openssl:openssl. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2025-9231 for packages: OpenSSL_jll
    • OpenSSL_jll computed [">= 3.5.0+0, < 3.5.4+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll has no vulnerable versions; some versions contain vulnerable OpenSSL:OpenSSL. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2025-9232 for packages: OpenSSL_jll
    • OpenSSL_jll computed [">= 3.0.16+0, < 3.5.4+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll has no vulnerable versions; some versions contain vulnerable OpenSSL:OpenSSL. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}

@jlsec-bot jlsec-bot force-pushed the search-project_openssl branch from 103b051 to 7447196 Compare November 3, 2025 16:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jlsec-bot @mbauman