GnuTLS vulnerabilities: known CVEs & security history
GNU · Security / Crypto · 75 tracked CVEs · 0 actively exploited · updated June 2026 · what is a CVE? →
This is the full list of known vulnerabilities (CVEs) across all GnuTLS release lines — 75 in total. A CVE here doesn't mean your version is affected — check GnuTLS's current status and the safe version to run.
Known GnuTLS CVEs
Actively-exploited and most-severe first. Open any CVE for full details.
| CVE | Severity | CVSS | EPSS | Year |
|---|---|---|---|---|
| CVE-2021-20232 | critical | 9.8 | 3% | 2021 |
| CVE-2021-20231 | critical | 9.8 | 4% | 2021 |
| CVE-2017-5337 | critical | 9.8 | 6% | 2017 |
| CVE-2017-5336 | critical | 9.8 | 7% | 2017 |
| CVE-2017-5334 | critical | 9.8 | 33% | 2017 |
| CVE-2009-3555 | critical | 9.8 | 87% | 2009 |
| CVE-2008-1948 | high | 10 | 12% | 2008 |
| CVE-2008-1949 | high | 9.3 | 6% | 2008 |
| CVE-2004-2531 | high | 7.8 | 2% | 2004 |
| CVE-2008-2377 | high | 7.6 | 5% | 2008 |
| CVE-2026-42009 | high | 7.5 | 1% | 2026 |
| CVE-2026-33845 | high | 7.5 | 1% | 2026 |
| CVE-2026-1584 | high | 7.5 | 1% | 2026 |
| CVE-2024-0567 | high | 7.5 | 1% | 2024 |
| CVE-2024-0553 | high | 7.5 | 2% | 2024 |
| CVE-2022-2509 | high | 7.5 | 1% | 2022 |
| CVE-2020-24659 | high | 7.5 | 4% | 2020 |
| CVE-2015-0294 | high | 7.5 | 2% | 2020 |
| CVE-2016-4456 | high | 7.5 | 2% | 2017 |
| CVE-2017-7507 | high | 7.5 | 3% | 2017 |
| CVE-2017-7869 | high | 7.5 | 3% | 2017 |
| CVE-2017-5335 | high | 7.5 | 8% | 2017 |
| CVE-2016-7444 | high | 7.5 | 2% | 2016 |
| CVE-2015-3308 | high | 7.5 | 4% | 2015 |
| CVE-2014-3468 | high | 7.5 | 4% | 2014 |
| CVE-2012-1663 | high | 7.5 | 5% | 2012 |
| CVE-2010-0731 | high | 7.5 | 3% | 2010 |
| CVE-2009-2730 | high | 7.5 | 2% | 2009 |
| CVE-2009-1416 | high | 7.5 | 4% | 2009 |
| CVE-2023-0361 | high | 7.4 | 1% | 2023 |
| CVE-2020-13777 | high | 7.4 | 18% | 2020 |
| CVE-2020-11501 | high | 7.4 | 3% | 2020 |
| CVE-2026-42010 | high | 7.1 | 1% | 2026 |
| CVE-2014-3466 | medium | 6.8 | 11% | 2014 |
| CVE-2009-1390 | medium | 6.8 | 2% | 2009 |
| CVE-2026-3833 | medium | 6.5 | 1% | 2026 |
| CVE-2025-32990 | medium | 6.5 | 1% | 2025 |
| CVE-2025-32988 | medium | 6.5 | 1% | 2025 |
| CVE-2021-4209 | medium | 6.5 | 1% | 2022 |
| CVE-2023-5981 | medium | 5.9 | 1% | 2023 |
| CVE-2015-8313 | medium | 5.9 | 2% | 2019 |
| CVE-2019-3836 | medium | 5.9 | 3% | 2019 |
| CVE-2018-10845 | medium | 5.9 | 4% | 2018 |
| CVE-2018-10844 | medium | 5.9 | 4% | 2018 |
| CVE-2008-4989 | medium | 5.9 | 2% | 2008 |
| CVE-2014-1959 | medium | 5.8 | 3% | 2014 |
| CVE-2014-0092 | medium | 5.8 | 30% | 2014 |
| CVE-2009-5138 | medium | 5.8 | 2% | 2014 |
| CVE-2018-16868 | medium | 5.6 | 1% | 2018 |
| CVE-2018-10846 | medium | 5.6 | 0% | 2018 |
| CVE-2025-32989 | medium | 5.3 | 1% | 2025 |
| CVE-2019-3829 | medium | 5.3 | 59% | 2019 |
| CVE-2009-2409 | medium | 5.1 | 5% | 2009 |
| CVE-2015-6251 | medium | 5 | 19% | 2015 |
| CVE-2015-0282 | medium | 5 | 1% | 2015 |
| CVE-2014-8564 | medium | 5 | 3% | 2014 |
| CVE-2014-3465 | medium | 5 | 7% | 2014 |
| CVE-2014-3469 | medium | 5 | 4% | 2014 |
| CVE-2014-3467 | medium | 5 | 7% | 2014 |
| CVE-2013-4487 | medium | 5 | 2% | 2013 |
| CVE-2013-4466 | medium | 5 | 2% | 2013 |
| CVE-2013-2116 | medium | 5 | 4% | 2013 |
| CVE-2012-1573 | medium | 5 | 4% | 2012 |
| CVE-2012-1569 | medium | 5 | 4% | 2012 |
| CVE-2006-7239 | medium | 5 | 2% | 2010 |
| CVE-2009-1417 | medium | 5 | 1% | 2009 |
| CVE-2008-1950 | medium | 5 | 5% | 2008 |
| CVE-2006-4790 | medium | 5 | 2% | 2006 |
| CVE-2005-1431 | medium | 5 | 2% | 2005 |
| CVE-2014-8155 | medium | 4.3 | 1% | 2015 |
| CVE-2012-0390 | medium | 4.3 | 1% | 2012 |
| CVE-2011-4128 | medium | 4.3 | 2% | 2011 |
| CVE-2009-1415 | medium | 4.3 | 8% | 2009 |
| CVE-2013-1619 | medium | 4 | 6% | 2013 |
| CVE-2026-3832 | low | 3.7 | 1% | 2026 |
Is my GnuTLS version affected?
The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.
Check your GnuTLS version → · Monitor GnuTLS for new CVEs →
GnuTLS vulnerabilities — frequently asked
How many known vulnerabilities does GnuTLS have?
IsItPatched tracks 75 CVEs for GnuTLS. 6 are critical-severity and 27 high-severity. These span every release line — what matters is whether the version you run is affected.
Does GnuTLS have any actively-exploited vulnerabilities?
None of GnuTLS's tracked CVEs are currently in CISA's KEV catalog — but new ones can be added at any time, so keep your version current.
What is the most severe GnuTLS vulnerability?
Among tracked issues, CVE-2021-20232 (CRITICAL, CVSS 9.8) ranks highest — a Use-after-free weakness.
Is GnuTLS safe to use?
It depends on the version. The latest supported GnuTLS release clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.
CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: GnuTLS security status · GnuTLS end-of-life · actively-exploited CVEs. Always verify against GNU's advisories — see our disclaimer.