OpenSSL

OpenSSL’s security advisories page is the canonical known-issues surface for the library. Every CVE that has mattered in TLS stacks for two decades traces back here: Heartbleed in 2014 exposed arbitrary memory reads through a malformed heartbeat extension; subsequent advisories documented padding-oracle vulnerabilities, DROWN, and a long series of renegotiation-handling failures. The page is chronological and machine-readable enough to diff against a deployed version.

The advisory archive earns its weight during TLS-stack upgrades. OpenSSL ships across enough distributions, language runtimes, and embedded systems that a single version bump can close three advisories or inadvertently introduce a regression depending on which patch branch is being tracked. Checking the advisory page before an upgrade is the kind of step that reads as overhead until the one time it is not.