
180 matches found

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 3 views

Malicious code in metadata-ipfs-pack (npm)

The package metadata-ipfs-pack was found to contain malicious code.

7 AI score
Exploits: 0
OSV
added 2025/08/14 6:52 p.m. · 3 views

MAL-2025-23339 Malicious code in ipfs-pack (npm)

The package ipfs-pack was found to contain malicious code.

7 AI score
Exploits: 0
Chainguard
added 2025/08/09 1:17 p.m. · 9 views

GHSA-J5PM-7495-QMR3 vulnerabilities

Vulnerabilities for packages: nri-postgresql, gitlab-runner, helm-push, datadog-agent, flux-image-automation-controller, bento, velero, net-kourier-fips, kubernetes, dgraph, pguser, rancher-helm, hugo-fips, sigstore-scaffolding-fips, kbld-fips, fluent-bit-plugin-loki, trivy-operator, openfga-fips...

5.8 AI score
Exploits: 0
Chainguard
added 2025/06/10 1:20 p.m. · 7 views

GHSA-F26W-GH5M-QQ77 vulnerabilities

Vulnerabilities for packages: k3s, ipfs-cluster-fips...

5.8 AI score
Exploits: 0
Chainguard
added 2025/06/10 1:20 p.m. · 23 views

CVE-2025-49140 vulnerabilities

Vulnerabilities for packages: k3s, ipfs-cluster-fips...

7.5 CVSS · 5.8 AI score · 0.00415 EPSS
Exploits: 0
RedhatCVE
added 2025/05/23 12:27 a.m. · 7 views

CVE-2022-47933

Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This vulnerability is caused by an uncaught exception in the function ipfs::OnBeforeURLRequestIPFSRedirectWork in ipfsredirectnetworkdelegatehelper.cc...

6.5 CVSS · 6.4 AI score · 0.00817 EPSS
Exploits: 1
RedhatCVE
added 2025/05/22 9:53 p.m. · 8 views

CVE-2022-47932

Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused by an incomplete fix for CVE-2022-47933...

6.5 CVSS · 6.3 AI score · 0.01047 EPSS
Exploits: 2 · References: 1
RedhatCVE
added 2025/05/22 5:38 p.m. · 7 views

CVE-2020-10937

An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An attacker can generate ephemeral identities (Sybils) and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later...

7.5 CVSS · 6.7 AI score · 0.01147 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 4:21 p.m. · 6 views

CVE-2020-26283

go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown,...

8.8 CVSS · 6.7 AI score · 0.01501 EPSS
Exploits: 0
Wolfi
added 2025/02/24 11:15 p.m. · 15 views

CVE-2025-27144 vulnerabilities

Vulnerabilities for packages: tkn, apko, k3s, argocd-image-updater, goreleaser, cilium, falcoctl, flux-source-controller, fulcio, dagdotdev, step-issuer, pulumi, tflint, cert-manager-istio-csr, rabbitmq-messaging-topology-operator, kiali, kube-rbac-proxy, trivy, boring-registry, caddy, dex,...

8.7 CVSS · 6.7 AI score · 0.00369 EPSS
Exploits: 0
Wolfi
added 2025/02/24 10:49 p.m. · 19 views

GHSA-C6GW-W398-HV78 vulnerabilities

Vulnerabilities for packages: tkn, apko, k3s, argocd-image-updater, goreleaser, cilium, falcoctl, flux-source-controller, fulcio, dagdotdev, step-issuer, pulumi, tflint, cert-manager-istio-csr, rabbitmq-messaging-topology-operator, kiali, kube-rbac-proxy, trivy, boring-registry, caddy, dex,...

5.8 AI score
Exploits: 0
RedhatCVE
added 2025/02/05 1:35 p.m. · 9 views

CVE-2020-26279

go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written t...

8.1 CVSS · 6.5 AI score · 0.01699 EPSS
Exploits: 0
Chainguard
added 2024/12/02 5:15 p.m. · 10 views

CVE-2024-53259 vulnerabilities

Vulnerabilities for packages: coredns-fips, eks-distro, buf, frp, spegel, traefik, q, traefik-fips, caddy, eks-distro-fips, caddy-fips, coredns, k3s, kubernetes-dns-node-cache-fips, kubernetes-dns-node-cache, cloudflared...

6.5 CVSS · 6.6 AI score · 0.00608 EPSS
Exploits: 0
OSV
added 2024/10/25 6:30 p.m. · 10 views

GHSA-MQR9-HJR8-2M9W Content Censorship in the InterPlanetary File System (IPFS) via Kademlia DHT abuse

The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns routing information for content (i.e., information about who holds the content) to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content...

5.3 CVSS · 5 AI score · 0.00201 EPSS
Exploits: 0 · References: 4
Github Security Blog
added 2024/10/25 6:30 p.m. · 9 views

Content Censorship in the InterPlanetary File System (IPFS) via Kademlia DHT abuse

The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns routing information for content (i.e., information about who holds the content) to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content...

5.3 CVSS · 6.2 AI score · 0.00201 EPSS
Exploits: 0 · References: 5 · Affected Software: 1
OSV
added 2024/10/25 4:15 p.m. · 3 views

CVE-2023-26248

The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns routing information for content (i.e., information about who holds the content) to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content...

5.3 CVSS · 5.8 AI score · 0.00201 EPSS
Exploits: 0 · References: 2
NVD
added 2024/10/25 4:15 p.m. · 14 views

CVE-2023-26248

The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns routing information for content (i.e., information about who holds the content) to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content...

5.3 CVSS · 0.00201 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2024/10/25 12:0 a.m. · 7 views

PT-2024-12089 · Ipfs +1

Name of the Vulnerable Software and Affected Versions: go-libp2p-kad-dht versions 0.20.0 and earlier; IPFS versions 0.18.1 and earlier. Description: The issue allows an attacker to censor content in the InterPlanetary File System (IPFS) by exploiting the Kademlia DHT. This is done by generating many...

9.8 CVSS · 5.9 AI score · 0.89633 EPSS
Exploits: 15 · References: 31
CVE
added 2024/10/25 12:0 a.m. · 62 views

CVE-2023-26248

CVE-2023-26248 describes a content-censorship vulnerability in the Kademlia DHT used by IPFS (go-libp2p-kad-dht 0.20.0 and earlier; IPFS 0.18.1 and earlier). The issue arises because routing information for content can be stored by peers whose DHT distance to the content ID is small, enabling an ...

5.3 CVSS · 6 AI score · 0.00201 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2024/10/25 12:0 a.m. · 12 views

CVE-2023-26248

The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns routing information for content (i.e., information about who holds the content) to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content...

6.5 AI score · 0.00201 EPSS
Exploits: 0 · References: 2