A problem in OpenSSL is pretty serious.
"When cybersecurity breaches break, the usual protocol is to change your password and update security software as soon as possible. However, Heartbleed is a bit different. Since the hack is untraceable, it may be impossible to know if your data has been breached. If a website you use hasn’t updated its security to fix the problem yet, hackers could grab your password as you change it (without you realizing). Though a new version of OpenSSL that patches the bug has been released, not all websites have updated their systems."
More in the link