66 matches found
CVE-2026-32605
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.num_validators...
CVE-2026-32605
The CVE concerns the Rust implementation of Nimiq PoS (nimiq/core-rs-albatross). Before version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal where signer == validators.num_validators(); the code uses ProposalSender::send with a > bound check inste...
CVE-2026-32605
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.num_validators...
PT-2026-32505
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.num_validators...
EUVD-2021-1191
Malware in sbrugna...
EUVD-2021-2459
Malware in sbrugna...
EUVD-2025-29384
Malicious code in bioql PyPI...
EUVD-2022-7141
Malicious code in bioql PyPI...
EUVD-2022-7774
Malicious code in bioql PyPI...
CVE-2022-23507
Tendermint is a high-performance blockchain consensus engine for Byzantine fault tolerant applications. Versions prior to 0.28.0 contain a potential attack via Improper Verification of Cryptographic Signature, affecting anyone using the tendermint-light-client and related packages to perform ligh...
CVE-2021-21271
Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines. Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, w...
CVE-2020-5303
Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. Tendermint does not limit the number of P2P connection requests. For each p2p connection, it allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated due to...
ibc (>=0.11.0 <=0.19.0), ibc-client-tendermint (>=0.48.0 <=0.55.1) +11 more potentially affected by unknown CVE via tendermint-light-client-verifier (>=0.23.5 <=0.38.1)
tendermint-light-client-verifier CARGO version =0.23.5, =0.11.0, =0.48.0, =0.48.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.15.0, =0.1.0, =0.23.5, =0.32.0, =0.23.0, =0.1.0, =0.1.0-pre.1 Source cves: unknown CVE Source advisory: OSV:GHSA-6JRF-4JV4-R9MW...
GHSA-6JRF-4JV4-R9MW tendermint-rs's Light Client Verifier allows malicious validators to spoof votes from other validators
Name: ISA-2025-003: Malicious validator can spoof votes from other validators Component: tendermint-rs Criticality: High Catastrophic Impact; Rare Likelihood per ACMv1.2 Affected versions: = v0.40.2 Affected users: Everyone Description tendermint-rs contains a critical vulnerability in its light...
tendermint-rs's Light Client Verifier allows malicious validators to spoof votes from other validators
Name: ISA-2025-003: Malicious validator can spoof votes from other validators Component: tendermint-rs Criticality: High Catastrophic Impact; Rare Likelihood per ACMv1.2 Affected versions: = v0.40.2 Affected users: Everyone Description tendermint-rs contains a critical vulnerability in its light...
PT-2025-15899 · Crates.Io · Tendermint-Light-Client-Verifier
Name: ISA-2025-003: Malicious validator can spoof votes from other validators Component: tendermint-rs Criticality: High Catastrophic Impact; Rare Likelihood per ACMv1.2 Affected versions: = v0.40.2 Affected users: Everyone Description tendermint-rs contains a critical vulnerability in its light...
Denial Of Service (DoS)
github.com/tendermint/tendermint is vulnerable to Denial Of Service (DoS). The vulnerability is due to the makeHTTPClient function within httpclient.go automatically decompressing Gzip-compressed responses, without limitations on the size or content of the response body. This allows an attacker to...
Tendermint Client package vulnerable to Uncontrolled Resource Consumption
Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector...
GHSA-3FM3-M23V-5R46 Tendermint Client package vulnerable to Uncontrolled Resource Consumption
Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector...
CVE-2019-25072 Uncontrolled resource consumption in github.com/tendermint/tendermint
Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector...