Shadowsocks Shadowsocks

  1. Vendors
  2. Shadowsocks

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Shadowsocks product.

RSS Feeds for Shadowsocks security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Shadowsocks products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Shadowsocks Sorted by Most Security Vulnerabilities since 2018

Shadowsocks Libev3 vulnerabilities

Shadowsocksx Ng1 vulnerability

By the Year

In 2025 there have been 0 vulnerabilities in Shadowsocks. Shadowsocks did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2025 0 0.00
2024 0 0.00
2023 1 9.80
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 3 7.57

It may take a day or so for new Shadowsocks vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Shadowsocks Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2023-27574 Mar 03, 2023
ShadowsocksX-NG 1.10.0 Signed with get-task-allow via CODE_SIGNING_INJECT_BASE ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS.
Shadowsocksx Ng
CVE-2019-5152 Dec 18, 2019
An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2 An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An attacker can send arbitrary packets to trigger this vulnerability.
Shadowsocks Libev
CVE-2019-5163 Dec 03, 2019
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2 An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.
Shadowsocks Libev
CVE-2019-5164 Dec 03, 2019
An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2 An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability.
Shadowsocks Libev
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.