88 matches found
CVE-2021-41135
The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includ...
EUVD-2021-2140
Malware in sbrugna...
EUVD-2025-6276
Malicious code in bioql PyPI...
EUVD-2024-1080
Malicious code in bioql PyPI...
EUVD-2025-29375
Malicious code in bioql PyPI...
EUVD-2025-4587
Malicious code in bioql PyPI...
GO-2025-3803 Integer Overflow vulnerability in its Validator Rewards pool can cause a chain halt in github.com/cosmos/cosmos-sdk
Integer Overflow
github.com/cosmos/cosmos-sdk is vulnerable to Integer Overflow. The vulnerability is due to a malicious validator being able to deposit values that trigger an overflow in the Validator Rewards pool, potentially halting the blockchain...
GHSA-P22H-3M2V-CMGH Cosmos SDK's Integer Overflow vulnerability in its Validator Rewards pool can cause a chain halt
Description Name: ISA-2025-005: Integer Overflow in Cosmos SDK Component: CosmosSDK Criticality: High Considerable Impact; Likely Likelihood per ACMv1.2 Affected versions: = v0.50.13, = 0.53.2 Affected users: Validators, Full nodes, Users on chains that utilize the distribution module Cosmos SDK...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via DepositValidatorRewardsPool. An attacker can cause a chain halt by introducing an overflow condition through a crafted malicious deposit into the Validator Rewards pool when full. Details Denial of...
Cosmos SDK's Integer Overflow vulnerability in its Validator Rewards pool can cause a chain halt
Description Name: ISA-2025-005: Integer Overflow in Cosmos SDK Component: CosmosSDK Criticality: High Considerable Impact; Likely Likelihood per ACMv1.2 Affected versions: = v0.50.13, = 0.53.2 Affected users: Validators, Full nodes, Users on chains that utilize the distribution module Cosmos SDK...
Babylon vulnerable to chain halt when a message modifies the validator set at the epoch boundary
Summary Sending a message that modifies the validator set at the epoch boundary halts the chain. Impact Denial of Service - Cosmos-sdk prevents modifying the validator set from two different modules - https://github.com/cosmos/cosmos-sdk/blob/release/v0.50.x/types/module/module.go#L811. Such an...
GHSA-RJ53-J6JW-7F7G Babylon vulnerable to chain halt when a message modifies the validator set at the epoch boundary
Summary Sending a message that modifies the validator set at the epoch boundary halts the chain. Impact Denial of Service - Cosmos-sdk prevents modifying the validator set from two different modules - https://github.com/cosmos/cosmos-sdk/blob/release/v0.50.x/types/module/module.go#L811. Such an...
PT-2025-30107 · Go · Github.Com/Babylonlabs-Io/Babylon/V2
Summary Sending a message that modifies the validator set at the epoch boundary halts the chain. Impact Denial of Service - Cosmos-sdk prevents modifying the validator set from two different modules - https://github.com/cosmos/cosmos-sdk/blob/release/v0.50.x/types/module/module.go#L811. Such an...
PT-2025-30106 · Go · Github.Com/Cosmos/Cosmos-Sdk
Description Name: ISA-2025-005: Integer Overflow in Cosmos SDK Component: CosmosSDK Criticality: High Considerable Impact; Likely Likelihood per ACMv1.2 Affected versions: = v0.50.13, = 0.53.2 Affected users: Validators, Full nodes, Users on chains that utilize the distribution module Cosmos SDK...
CVE-2021-43839
Cronos is a commercial implementation of a blockchain. In Cronos nodes running versions before v0.6.5, it is possible to take transaction fees from Cosmos SDK's FeeCollector for the current block by sending a custom crafted MsgEthereumTx. This problem has been patched in Cronos v0.6.5. There are ...
GO-2025-3520 cheqd-node Security patch for upstream vulnerabilities in IBC-Go (ISA-2025-001) and Cosmos SDK (ISA-2025-002) in github.com/cheqd/cheqd-node
cheqd-node Security patch for upstream vulnerabilities in IBC-Go ISA-2025-001 and Cosmos SDK ISA-2025-002 in github.com/cheqd/cheqd-node. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causin...
Denial Of Service (DoS)
github.com/cosmos/cosmos-sdk is vulnerable to Denial of Service. The vulnerability is due to improper proposal handling due to malicious proposals triggering errors in the module's end blocker, potentially resulting in a chain halt...
GO-2025-3516 Cosmos SDK can halt when erroring in EndBlocker in github.com/cosmos/cosmos-sdk/
cheqd-node Security patch for upstream vulnerabilities in IBC-Go (ISA-2025-001) and Cosmos SDK (ISA-2025-002)
Description There have been two upstream security advisories and associated patches published under ISA-2025-001 and ISA-2025-002. ISA-2025-001 affects the IBC-Go package, where non-deterministic JSON unmarshalling of IBC Acknowledgements can result in a chain halt. ISA-2025-002 affects the Cosm...