Babylon's malformed vote extensions are not rejected
Summary: Adversarial validators can send large vote extensions by using non-existing protobuf tags. This will result in the rejection of the subsequent block proposal. Eventually, all block proposals will be rejected by all validators. Impact: A small group of adversarial validators can cause a cha...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to unknown fields that aren't checked. An attacker can disrupt consensus and cause all block proposals to be rejected by submitting specially crafted vote extensions with...
GHSA-2FCV-QWW3-9V6H Babylon's malformed vote extensions are not rejected
Summary: Adversarial validators can send large vote extensions by using non-existing protobuf tags. This will result in the rejection of the subsequent block proposal. Eventually, all block proposals will be rejected by all validators. Impact: A small group of adversarial validators can cause a cha...
EUVD-2025-29498
Malicious code in bioql PyPI...
EUVD-2025-29389
Malicious code in bioql PyPI...
EUVD-2025-29377
Malicious code in bioql PyPI...
EUVD-2025-29445
Malicious code in bioql PyPI...
EUVD-2025-4587
Malicious code in bioql PyPI...
EUVD-2025-29512
Malicious code in bioql PyPI...
GO-2025-3801 Babylon vulnerable to chain halt when a message modifies the validator set at the epoch boundary in github.com/babylonlabs-io/babylon
Babylon vulnerable to chain halt when a message modifies the validator set at the epoch boundary in github.com/babylonlabs-io/babylon...
GO-2025-3803 Integer Overflow vulnerability in its Validator Rewards pool can cause a chain halt in github.com/cosmos/cosmos-sdk
Integer Overflow vulnerability in its Validator Rewards pool can cause a chain halt in github.com/cosmos/cosmos-sdk...
GHSA-P22H-3M2V-CMGH Cosmos SDK's Integer Overflow vulnerability in its Validator Rewards pool can cause a chain halt
Description Name: ISA-2025-005: Integer Overflow in Cosmos SDK Component: CosmosSDK Criticality: High Considerable Impact; Likely Likelihood per ACMv1.2 Affected versions: = v0.50.13, = 0.53.2 Affected users: Validators, Full nodes, Users on chains that utilize the distribution module Cosmos SDK...
Improper Check for Unusual or Exceptional Conditions
Overview: Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions via the validator set modification process at the epoch boundary. An attacker can cause the chain to halt by sending a message that alters the validator set during this critical...
Babylon vulnerable to chain halt when a message modifies the validator set at the epoch boundary
Summary: Sending a message that modifies the validator set at the epoch boundary halts the chain. Impact: Denial of Service - Cosmos-sdk prevents modifying the validator set from two different modules - https://github.com/cosmos/cosmos-sdk/blob/release/v0.50.x/types/module/module.goL811. Such an...
GHSA-RJ53-J6JW-7F7G Babylon vulnerable to chain halt when a message modifies the validator set at the epoch boundary
Summary: Sending a message that modifies the validator set at the epoch boundary halts the chain. Impact: Denial of Service - Cosmos-sdk prevents modifying the validator set from two different modules - https://github.com/cosmos/cosmos-sdk/blob/release/v0.50.x/types/module/module.goL811. Such an...
PT-2025-30107 · Go · github.com/babylonlabs-io/babylon/v2
Summary: Sending a message that modifies the validator set at the epoch boundary halts the chain. Impact: Denial of Service - Cosmos-sdk prevents modifying the validator set from two different modules - https://github.com/cosmos/cosmos-sdk/blob/release/v0.50.x/types/module/module.goL811. Such an...
PT-2025-30106 · Go · github.com/cosmos/cosmos-sdk
Description Name: ISA-2025-005: Integer Overflow in Cosmos SDK Component: CosmosSDK Criticality: High Considerable Impact; Likely Likelihood per ACMv1.2 Affected versions: = v0.50.13, = 0.53.2 Affected users: Validators, Full nodes, Users on chains that utilize the distribution module Cosmos SDK...
GHSA-56J4-446M-QRF6 Babylon vulnerable to chain halt when transaction has fees different than `ubbn`
Summary: Sending transactions with fees different than native Babylon genesis denom ubbn leads to chain halt. Impact: Denial of Service - Due to panic in the x/distribution module BeginBlocker triggered by an error when sending fees from feeCollector to x/distribution module -...
Babylon vulnerable to chain halt when transaction has fees different than `ubbn`
Summary: Sending transactions with fees different than native Babylon genesis denom ubbn leads to chain halt. Impact: Denial of Service - Due to panic in the x/distribution module BeginBlocker triggered by an error when sending fees from feeCollector to x/distribution module -...
PT-2025-29193 · Go · github.com/babylonlabs-io/babylon +1
Summary: Sending transactions with fees different than native Babylon genesis denom ubbn leads to chain halt. Impact: Denial of Service - Due to panic in the x/distribution module BeginBlocker triggered by an error when sending fees from feeCollector to x/distribution module -...