GHSA-54GX-3CGR-7MFM Cosmos EVM: incorrect state handling during nested EVM execution paths

Advisory ID: ASA-2026-002 Component: ICS20 Precompile Status: Resolved Published: March 2026 Contact: [email protected] --- Security Advisory ASA-2026-002 Status: Resolved. A patch is available and all known affected chains have either applied mitigations or upgraded. | Field | Value | | ---...

Cosmos EVM: incorrect state handling during nested EVM execution paths

Advisory ID: ASA-2026-002 Component: ICS20 Precompile Status: Resolved Published: March 2026 Contact: [email protected] --- Security Advisory ASA-2026-002 Status: Resolved. A patch is available and all known affected chains have either applied mitigations or upgraded. | Field | Value | | ---...

GO-2025-4041 Cosmos EVM Vulnerability in github.com/cosmos/evm

Cosmos EVM Vulnerability in github.com/cosmos/evm...

GHSA-8PFH-J44R-F654 Cosmos EVM Vulnerability

Patches Patched in versions v0.3.1, v0.4.2, and in the v0.5.0 release. More information will be disclosed at a later point to ensure chains have time to safely upgrade. Workarounds No workarounds for chains that make use of static or dynamic precompiles. Upgrading is strongly recommended. Testing...

Use of a Cryptographic Primitive with a Risky Implementation

Overview Affected versions of this package are vulnerable to Use of a Cryptographic Primitive with a Risky Implementation in the handling of precompiles in the BalanceHandler that can cause prevEventsLen to be overwritten. An attacker can compromise the integrity or confidentiality of the system ...

Use of a Cryptographic Primitive with a Risky Implementation

Overview Affected versions of this package are vulnerable to Use of a Cryptographic Primitive with a Risky Implementation in the handling of precompiles in the BalanceHandler that can cause prevEventsLen to be overwritten. An attacker can compromise the integrity or confidentiality of the system ...

Use of a Cryptographic Primitive with a Risky Implementation

Overview Affected versions of this package are vulnerable to Use of a Cryptographic Primitive with a Risky Implementation in the handling of precompiles in the BalanceHandler that can cause prevEventsLen to be overwritten. An attacker can compromise the integrity or confidentiality of the system ...

Use of a Cryptographic Primitive with a Risky Implementation

Overview Affected versions of this package are vulnerable to Use of a Cryptographic Primitive with a Risky Implementation in the handling of precompiles in the BalanceHandler that can cause prevEventsLen to be overwritten. An attacker can compromise the integrity or confidentiality of the system ...

Use of a Cryptographic Primitive with a Risky Implementation

Overview Affected versions of this package are vulnerable to Use of a Cryptographic Primitive with a Risky Implementation in the handling of precompiles in the BalanceHandler that can cause prevEventsLen to be overwritten. An attacker can compromise the integrity or confidentiality of the system ...

EUVD-2025-14942

Malicious code in bioql PyPI...

Code Injection

github.com/cosmos/evm are vulnerable to Code Injection. The vulnerability is due to setting lower EVM call gas limits, which allows the precompile code to partially execute and then fail without reverting the already made state changes...

GO-2025-3684 Cosmos EVM Allows Partial Precompile State Writes in github.com/cosmos/evm

Cosmos EVM Allows Partial Precompile State Writes in github.com/cosmos/evm...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the improper handling of gas limits in precompile executions. An attacker can manipulate the state of the blockchain by causing certain functions to execute with insufficient gas, leading to incomplete...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the improper handling of gas limits in precompile executions. An attacker can manipulate the state of the blockchain by causing certain functions to execute with insufficient gas, leading to incomplete...