It advised the public to change passwords for sites affected by the flaw once they had confirmed they were secure.
However, an official added that there had not been any reported attacks or malicious incidents.
The alert comes as several makers of net hardware and software revealed some of their products had been compromised.
Affected equipment includes network routers and switches, video conferencing kit, phone call software, firewalls and apps that let workers remotely access company data.
The encryption flaw can potentially be exploited to steal passwords and secret keys used to protect computer users.
Experts say home kit is less at risk.
There had been reports that domestic home networking equipment – such as Wi-Fi routers – might also make use of unpatched versions of the OpenSSL cryptographic library used to digitally scramble sensitive data.
However, a security researcher at the University of Cambridge’s Computer Laboratory said he thought this would be a relatively rare occurrence.
News of the Heartbleed bug emerged on Monday when Google Security and Codenomicon – a Finnish security company – revealed that a flaw had existed in OpenSSL for more than two years.
This had made it possible to impersonate services and users, and potentially eavesdrop on data communications.
The flaw only exposed 64K of data at a time, but a malicious party could theoretically make repeated grabs until they had the information they wanted.
The website set up to publicize the danger noted that it was possible to carry out such an attack “without leaving a trace”, making it impossible to know for sure if criminals or cyberspies had taken advantage of it.
Media reports initially focused on the risk of logging into compromised online services such as webmail, cloud storage and banking, with some – but not all – companies suggesting users should reset their passwords.
Warnings from companies including Cisco, Juniper, Fortinet, Red Hat and Watchguard Technologies that some of their internet products are compromised may now place the spotlight on the corporate sector.
The US government has said that it was working with third-party organizations “to determine the potential vulnerabilities to computer systems that control essential systems – like critical infrastructure, user-facing and financial systems”.
Meanwhile, officials suggested members of the public should “closely monitor your email accounts, bank accounts, social media accounts and other online assets for irregular or suspicious activity, such as abnormal purchases or messages”.
The US House Ethics Committee has voted to release its report on former Republican Representative…
ABC News has agreed to pay $15 million to President-elect Donald Trump to settle a…
South Korea’s parliament has voted to impeach President Yoon Suk Yeol over his failed attempt…
Israeli war planes have carried out more than 100 air strikes in Syria on December…
President-elect Donald Trump has threatened to impose 100% tariffs on the BRICS countries if they…
Syrian troops have withdrawn from the city of Aleppo following an offensive by rebels opposed…