CVE Number Date Vulnerability Information Vulnerable Files
CVE-2020-1763 May 11, 2020 IKEv1 Informational Exchange messages causes restart 3.27 - 3.31 Patches
CVE-2019-10155 Jun 10, 2019 IKEv1 Informational exchange integrity check failure 3.0 - 3.28 Patches
CVE-2019-12312 Jun 4, 2019 IKEv2 bogus Informational Exchange request can cause NULL pointer dereference 3.27 Patches
CVE-2016-5391 Jul 25, 2016 IKEv2 bogus proposal lacking DH transform causes restart 3.17 Patches
CVE-2016-5361 Jun 14, 2016 MITRE mistakenly issues CVE-2016-5361 none -
CVE-2016-3071 Apr 4, 2016 IKEv2 aes_xcbc transform causes restart of IKE daemon 3.16 Patches
CVE-2015-3240 Aug 24, 2015 bad DH g^x by remote peer causes IKE daemon restart 3.0 - 3.15 Patches
CVE-2015-3204 Jun 1, 2015 malicious payload causes IKE daemon restart 3.9 - 3.12 Patches
CVE-2013-6467 Jan 15, 2014 dereferencing missing IKEv2 payloads causes restart 3.0 - 3.7 Patches
CVE-2013-4564 Dec 10, 2013 Denial of Service with bogus IKE packet 3.6 -
CVE-2013-6467 May 13, 2013 remote buffer overflow in atodn() 3.0 - 3.1 Patches
The Libreswan Project also assisted with some openswan CVE's and strongswan CVE's.

Security issues can be reported to security at libreswan.org. Our OpenPGP encryption key can be found on our website, and also on the PGP key servers.