180 matches found
Malicious code in metadata-ipfs-pack (npm)
The package metadata-ipfs-pack was found to contain malicious code.
MAL-2025-23339 Malicious code in ipfs-pack (npm)
The package ipfs-pack was found to contain malicious code.
GHSA-J5PM-7495-QMR3 vulnerabilities
Vulnerabilities for packages: nri-postgresql, gitlab-runner, helm-push, datadog-agent, flux-image-automation-controller, bento, velero, net-kourier-fips, kubernetes, dgraph, pguser, rancher-helm, hugo-fips, sigstore-scaffolding-fips, kbld-fips, fluent-bit-plugin-loki, trivy-operator, openfga-fips...
GHSA-F26W-GH5M-QQ77 vulnerabilities
Vulnerabilities for packages: k3s, ipfs-cluster-fips...
CVE-2025-49140 vulnerabilities
Vulnerabilities for packages: k3s, ipfs-cluster-fips...
CVE-2022-47933
Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This vulnerability is caused by an uncaught exception in the function ipfs::OnBeforeURLRequest_IPFSRedirectWork() in ipfs_redirect_network_delegate_helper.cc...
CVE-2022-47932
Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused by an incomplete fix for CVE-2022-47933...
CVE-2020-10937
An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An attacker can generate ephemeral identities (Sybils) and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later...
CVE-2020-26283
go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown,...
CVE-2025-27144 vulnerabilities
Vulnerabilities for packages: tkn, apko, k3s, argocd-image-updater, goreleaser, cilium, falcoctl, flux-source-controller, fulcio, dagdotdev, step-issuer, pulumi, tflint, cert-manager-istio-csr, rabbitmq-messaging-topology-operator, kiali, kube-rbac-proxy, trivy, boring-registry, caddy, dex,...
GHSA-C6GW-W398-HV78 vulnerabilities
Vulnerabilities for packages: tkn, apko, k3s, argocd-image-updater, goreleaser, cilium, falcoctl, flux-source-controller, fulcio, dagdotdev, step-issuer, pulumi, tflint, cert-manager-istio-csr, rabbitmq-messaging-topology-operator, kiali, kube-rbac-proxy, trivy, boring-registry, caddy, dex,...
CVE-2020-26279
go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written t...
CVE-2024-53259 vulnerabilities
Vulnerabilities for packages: coredns-fips, eks-distro, buf, frp, spegel, traefik, q, traefik-fips, caddy, eks-distro-fips, caddy-fips, coredns, k3s, kubernetes-dns-node-cache-fips, kubernetes-dns-node-cache, cloudflared...
GHSA-MQR9-HJR8-2M9W Content Censorship in the InterPlanetary File System (IPFS) via Kademlia DHT abuse
The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns routing information for content (i.e., information about who holds the content) to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content...
Content Censorship in the InterPlanetary File System (IPFS) via Kademlia DHT abuse
The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns routing information for content (i.e., information about who holds the content) to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content...
CVE-2023-26248
The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns routing information for content (i.e., information about who holds the content) to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content...
PT-2024-12089 · Ipfs +1
Name of the Vulnerable Software and Affected Versions: go-libp2p-kad-dht versions 0.20.0 and earlier; IPFS versions 0.18.1 and earlier. Description: The issue allows an attacker to censor content in the InterPlanetary File System (IPFS) by exploiting the Kademlia DHT. This is done by generating many...
CVE-2023-26248
CVE-2023-26248 describes a content-censorship vulnerability in the Kademlia DHT used by IPFS (go-libp2p-kad-dht 0.20.0 and earlier; IPFS 0.18.1 and earlier). The issue arises because routing information for content can be stored by peers whose DHT distance to the content ID is small, enabling an ...