32 matches found
CVE-2026-34065
CVE-2026-34065 affects nimiq-primitives in Nimiq’s Rust implementation. Before version 1.3.0, an untrusted p2p peer could cause a node to panic by announcing an election macro block whose validators set includes an invalid compressed BLS voting key. Hashing the election macro header hashes the va...
GHSA-PF4J-PF3W-95F9 nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge
Impact: The staking contract accepts UpdateValidator transactions that set newvotingkey=Some... while omitting newproofofknowledge. This skips the proof-of-knowledge requirement that is needed to prevent BLS rogue-key attacks when public keys are aggregated. Because tendermint macro block...
GO-2025-4211 Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers in github.com/babylonlabs-io/babylon
Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers in github.com/babylonlabs-io/babylon...
GHSA-M6WQ-66P2-C8PC Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers
Summary A vulnerability exists in Babylon’s BLS vote extension processing where a malicious active validator can submit a VoteExtension with the blockhash field omitted from the protobuf serialization. Because protobuf fields are optional, unmarshalling succeeds but leaves BlockHash as nil. Babyl...
EUVD-2025-201819
Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers...
EUVD-2021-0938
Malware in sbrugna...
MAL-2025-15873 Malicious code in bls-slack-service (npm)
The package bls-slack-service was found to contain malicious code...
CVE-2023-36198
Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows an attacker to cause a denial of service via the trustedBlsSignMessage function...
CVE-2021-21405
Lotus is an Implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays...
GO-2022-0905 BLS Signature "Malleability" in github.com/filecoin-project/lotus
BLS Signature "Malleability" in github.com/filecoin-project/lotus...
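The ambiguity described in the Lotus entry above (one signature accepted in either its 96-byte compressed or 192-byte "serialized" form, so a single point has two byte representations) is closed by pinning the accepted encoding before the bytes reach the library; the Nimiq entry at the top of this list is the same class of bug on the key side, an unvalidated compressed point reaching code that assumes it is well-formed. The following is an added example, not code from Lotus, blst or Nimiq: a Go pre-check for the standard BLS12-381 G2 compressed encoding that rejects the serialized length, the point at infinity and field coordinates that are not reduced modulo p. It assumes the ZCash flag-bit layout (bit 7 compressed, bit 6 infinity, bit 5 y-sign) and the BLS12-381 base-field modulus; on-curve and subgroup membership are still left to the pairing library. The inputs in main are constructed samples.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// BLS12-381 base-field modulus p (public curve constant).
var blsFieldModulus, _ = new(big.Int).SetString(
	"1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab", 16)

// Flag bits in the first byte of the ZCash-style point encoding (assumed layout).
const (
	flagCompressed = 0x80 // set for the compressed form
	flagInfinity   = 0x40 // set for the point at infinity
	flagYSign      = 0x20 // selects one of the two y roots (compressed form only)

	compressedG2Len   = 96  // canonical signature encoding
	uncompressedG2Len = 192 // "serialized" form: same point, different bytes
)

// CheckCanonicalCompressedG2 rejects any byte string that is not the unique
// canonical compressed encoding of a G2 element. It is a structural pre-check
// only: on-curve and subgroup checks still belong to the pairing library.
func CheckCanonicalCompressedG2(sig []byte) error {
	switch len(sig) {
	case compressedG2Len:
	case uncompressedG2Len:
		return errors.New("uncompressed 192-byte encoding rejected; only the 96-byte compressed form is canonical")
	default:
		return fmt.Errorf("unexpected signature length %d", len(sig))
	}
	if sig[0]&flagCompressed == 0 {
		return errors.New("compressed flag (0x80) not set")
	}
	if sig[0]&flagInfinity != 0 {
		// The identity verifies against the identity key; never accept it as a signature.
		return errors.New("point at infinity rejected")
	}
	// After the three flag bits, the two 48-byte halves hold x.c1 then x.c0,
	// big-endian. Each must be < p, otherwise x+p would be a second valid
	// encoding of the same coordinate.
	c1 := make([]byte, 48)
	copy(c1, sig[:48])
	c1[0] &^= flagCompressed | flagInfinity | flagYSign
	if new(big.Int).SetBytes(c1).Cmp(blsFieldModulus) >= 0 {
		return errors.New("x.c1 not reduced modulo p")
	}
	if new(big.Int).SetBytes(sig[48:96]).Cmp(blsFieldModulus) >= 0 {
		return errors.New("x.c0 not reduced modulo p")
	}
	return nil
}

func main() {
	// Constructed samples: the same logical checks a node would run before
	// calling a VerifyCompressed-style library entry point.
	uncompressed := make([]byte, uncompressedG2Len)
	infinity := make([]byte, compressedG2Len)
	infinity[0] = flagCompressed | flagInfinity
	unreduced := make([]byte, compressedG2Len)
	unreduced[0] = flagCompressed
	blsFieldModulus.FillBytes(unreduced[48:96]) // x.c0 == p, not reduced
	for name, s := range map[string][]byte{
		"uncompressed": uncompressed,
		"infinity":     infinity,
		"unreduced":    unreduced,
	} {
		fmt.Printf("%-12s -> %v\n", name, CheckCanonicalCompressedG2(s))
	}
}
```

The point of doing this before the library call is that the canonical bytes, not the decoded point, are what gets hashed into message identifiers and consensus state; two encodings of one point are two different messages to everything downstream.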
Fedora: Security Advisory for rust-blsctl (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for the 'rust-blsctl' package(s) announced via the FEDORA-2024-40ee18b2e7 advisory. (Description text from Greenbone AG, 2024, SPDX-License-Identifier: GPL-2.0-only; some descriptions are excerpted from referenced sources and remain copyright of the respective right holders.)...
[SECURITY] Fedora 39 Update: rust-blsctl-0.2.3-14.fc39
Manages BLS (Boot Loader Specification) entries and kernel cmdline options; this BLS is unrelated to BLS signatures...
Fedora: Security Advisory for rust-blsctl (FEDORA-2024-ce2936b568)
The remote host is missing an update for the 'rust-blsctl' package(s) announced via the FEDORA-2024-ce2936b568 advisory. (Description text from Greenbone AG, 2024, SPDX-License-Identifier: GPL-2.0-only; some descriptions are excerpted from referenced sources and remain copyright of the respective right holders.)...
[SECURITY] Fedora 40 Update: rust-blsctl-0.2.3-14.fc40
Manages BLS (Boot Loader Specification) entries and kernel cmdline options; this BLS is unrelated to BLS signatures...
gnark-crypto Code Issue Vulnerability
gnark-crypto is an open source library from Consensys. Provides elliptic curve and pairing-based cryptography on BN, BLS12, BLS24 and BW6 curves. A code issue vulnerability exists in Consensys gnark-crypto 0.11.2 and earlier versions, which stems from the presence of a deserialization vulnerabili...
Staking Funds vault's LP holder cannot claim EIP1559 rewards after derivatives are minted for a new BLS public key that is not the first BLS public key registered for syndicate
Lines of code; Vulnerability details; Impact: After the derivatives are minted for the first BLS public key registered for the syndicate, the Staking Funds vault's LP holder can claim the corresponding EIP1559 rewards received by the syndicate. However, after the derivatives are minted for a new BLS...
bls-drone.fr Cross Site Scripting vulnerability OBB-2917707
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious Package
Overview bls-signer is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...