OpenVAS Online Scan
Online network vulnerability scanner for >50,000 security vulnerabilities
The easiest way to run OpenVAS vulnerability scans
HostedScan makes it easy to run OpenVAS and other industry-standard vulnerability scanners through an online dashboard. More than just the scanners, our platform also includes all the reporting and management features required to set up a compliant vulnerability management program for SOC 2, ISO 27001, and more.
Read on to learn more about the features and operation of OpenVAS.
Ready to run an OpenVAS scan now?
Run a free online OpenVAS vulnerability scan to see the power of HostedScan
A powerful network vulnerability scanner
OpenVAS is one of the most widely used vulnerability scanners in the world. It is an open-source project and also goes by the names GVM and Greenbone Community Edition (Greenbone are the lead project maintainers).
OpenVAS tests servers and any other network connected devices for tens of thousands of vulnerabilities and CVEs. This can be done over the internet for publicly exposed systems or over private networks. The scanner first conducts a port scan to discover what ports and services are open. It then performs additional fingerprinting and testing to check for CVEs, insecure configurations, and vulnerable outdated software versions.
How to get the best scan results with OpenVAS
- Update the vulnerability feed: OpenVAS uses the Greenbone Community Feed as its source of vulnerability data. Ensure the feed is updated in your installation before starting a scan, so that all of the latest vulnerabilities are tested. Or use a managed services, such as HostedScan which is updated daily.
- Choose the right Quality of Detection (QoD): QoD is a measure of the reliability of vulnerability tests. The default OpenVAS QoD is 70%. However, that may not be right for all systems. Learn more about setting the right QoD.
- Use "Consider Alive": To optimize speed, OpenVAS will first send a ping request to each target and skip targets which do not respond. While this can save considerable time for very large address spaces, when scanning smaller sets of targets it is better to be thorough, as not all targets may respond to ping. Using HostedScan, targets are always considered alive and scanned fully.
What CVEs can OpenVAS detect?
Here are some examples of the most common CVEs that OpenVAS detects for widely-used web technologies, in 2024.
Apache CVEs
| Vulnerability | CVEs | |
|---|---|---|
| 1 | Apache HTTP Server < 2.4.60 Multiple Vulnerabilities - Windows | CVE-2024-36387, CVE-2024-38472, CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477, CVE-2024-39573 |
| 2 | Apache HTTP Server < 2.4.59 Multiple Vulnerabilities - Windows | CVE-2023-38709, CVE-2024-24795, CVE-2024-27316 |
| 3 | Apache HTTP Server 2.4.0 - 2.4.61 SSRF Vulnerability - Windows | CVE-2024-40898 |
| 4 | Apache HTTP Server < 2.4.58 'mod_macro' Out-of-bounds Read Vulnerability - Windows | CVE-2023-31122 |
| 5 | Apache HTTP Server < 2.4.55 Multiple Vulnerabilities - Windows | CVE-2006-20001, CVE-2022-36760, CVE-2022-37436 |
| 6 | Apache HTTP Server /server-status Accessible (HTTP) | CVE-2020-25073 |
| 7 | Apache HTTP Server 2.4.17 - 2.4.57 DoS Vulnerability - Windows | CVE-2023-45802 |
| 8 | Apache HTTP Server 2.4.0 - 2.4.55 HTTP Request Smuggling Vulnerability - Windows | CVE-2023-25690 |
| 9 | Apache HTTP Server < 2.4.54 Multiple Vulnerabilities - Windows | CVE-2022-26377, CVE-2022-28330, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30556, CVE-2022-31813 |
| 10 | Apache HTTP Server <= 2.4.52 Multiple Vulnerabilities - Windows | CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943 |
Nginx CVEs
| Vulnerability | CVEs | |
|---|---|---|
| 1 | Nginx 1.5.13 - 1.27.0 Buffer Overread Vulnerability | CVE-2024-7347 |
| 2 | Nginx Multiple Vulnerabilities (Oct 2022) | CVE-2022-41741, CVE-2022-41742 |
| 3 | Nginx End of Life (EOL) Detection | |
| 4 | nginx <= 1.21.1 Information Disclosure Vulnerability | CVE-2013-0337 |
| 5 | nginx 0.6.18 - 1.20.0 1-byte Memory Overwrite Vulnerability | CVE-2021-23017 |
| 6 | nginx 0.7.12 < 1.17.7 HTTP Request Smuggling Vulnerability | CVE-2019-20372 |
| 7 | nginx 1.9.5 - 1.17.2 HTTP/2 Multiple DoS Vulnerabilities | CVE-2019-9511, CVE-2019-9513, CVE-2019-9516 |
| 8 | nginx 1.1.3 - 1.15.5 Denial of Service and Memory Disclosure via mp4 module | CVE-2018-16845 |
| 9 | nginx 1.9.5 < 1.14.1, 1.15.x < 1.15.6 Multiple Vulnerabilities | CVE-2018-16843, CVE-2018-16844 |
| 10 | Nginx 1.25.0 - 1.26.0 Multiple HTTP/3 Vulnerabilities | CVE-2024-31079, CVE-2024-32760, CVE-2024-34161, CVE-2024-35200 |
OpenSSL CVEs
| Vulnerability | CVEs | |
|---|---|---|
| 1 | OpenSSL OOB Memory Access Vulnerability (20241016) - Windows | CVE-2024-9143 |
| 2 | OpenSSL Buffer Overread Vulnerability (20240627) - Windows | CVE-2024-5535 |
| 3 | OpenSSL DoS Vulnerability (20231106) - Windows | CVE-2023-5678 |
| 4 | OpenSSL DoS Vulnerability (20240125) - Windows | CVE-2024-0727 |
| 5 | OpenSSL End of Life (EOL) Detection - Windows | |
| 6 | OpenSSL DoS Vulnerability (20240408) - Windows | CVE-2024-2511 |
| 7 | OpenSSL UAF Vulnerability (20240528) - Windows | CVE-2024-4741 |
| 8 | OpenSSL DoS Vulnerability (20230719) - Windows | CVE-2023-3446 |
| 9 | OpenSSL DoS Vulnerability (20230731) - Windows | CVE-2023-3817 |
| 10 | OpenSSL Multiple Vulnerabilities (20230322, 20230328, 20230530) - Windows | CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650 |
Product Information
Network Scanning
OpenVAS Scanner Highlights
Industry trusted network vulnerability scanner.
Discover out-of-date, misconfigured, and vulnerable applications.
Wordpress & Wordpress plugin vulnerabilities.
Scan servers, virtual machines, and devices.
hostedscan benefits
Platform Advantages
Always up-to-date OpenVAS installation.
Risk management platform to track vulnerabilities and reduce noise.
Continuous monitoring with scheduled scans.
Automatic alerts for new vulnerabilities.
