Google BoringSSL BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Google BoringSSL.
By the Year
In 2025 there have been 0 vulnerabilities in Google BoringSSL. BoringSSL did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 4.70 |
It may take a day or so for new BoringSSL vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Google BoringSSL Security Vulnerabilities
BoringSSL through 2018-06-14
CVE-2018-12440
4.7 - Medium
- June 15, 2018
BoringSSL through 2018-06-14 allows a memory-cache side-channel attack on DSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a DSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
Information Disclosure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Google BoringSSL or by Google? Click the Watch button to subscribe.
