Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

go

github.com/cometBft/cometbft

go

Security Advisories for github.com/cometBft/cometbft in go

High
3 months ago

CometBFT has inconsistencies between how commit signatures are verified and how block time is derived GSA_kwCzR0hTQS1jMzJwLXdjcWotajY3N84ABRhW

go github.com/cometbft/cometbft
High
7 months ago

CometBFT's invalid BitArray handling can lead to network halt GSA_kwCzR0hTQS1ocmhmLTJ2Y3ItZ2hjaM4ABNaH

go github.com/cometbft/cometbft
High
about 1 year ago

CometBFT allows a malicious peer to stall the network by disseminating seemingly valid block parts GSA_kwCzR0hTQS1yM3I0LWc3aHEtcHE0Zs4ABEGD

go github.com/cometbft/cometbft
Moderate
about 1 year ago

CometBFT allows a malicious peer to make node stuck in blocksync GSA_kwCzR0hTQS0yMnFxLTN4d20tcjV4NM4ABEGB

go github.com/cometbft/cometbft
High
over 1 year ago

CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data GSA_kwCzR0hTQS1wN212LTUzZjItNGN3as4ABBBp

go github.com/cometbft/cometbft
Potential
Low
over 1 year ago

CometBFT's state syncing validator from malicious node may lead to a chain split GSA_kwCzR0hTQS1nNXh4LWM0aHYtOWNjY84AA_QE

go github.com/cometbft/cometbft/light
Moderate
almost 2 years ago

CometBFT is unstability during blocksync when syncing from malicious peer GSA_kwCzR0hTQS1oZzU4LXJmMmgtNnJyN84AA9aS

go github.com/cometbft/cometbft
Low
about 2 years ago

ASA-2024-004: Default configuration param for Evidence may limit window of validity GSA_kwCzR0hTQS01NTVwLW00djYtY3F4ds4AA5lr

go github.com/cometbft/cometbft
High
over 2 years ago

Validation of `VoteExtensionsEnableHeight` can cause chain halt in Go package github.com/cometbft/cometbft GSA_kwCzR0hTQS1xcjhyLW00OTUtN2hjNM4AA4kV

go github.com/cometbft/cometbft
Low
over 2 years ago

CometBFT's default for `BlockParams.MaxBytes` consensus parameter may increase block times and affect consensus participation GSA_kwCzR0hTQS1ocTU4LXA5bXYtMzM4Y84AA2Jf

go github.com/cometbft/cometbft
High
almost 3 years ago

CometBFT may duplicate transactions in the mempool's data structures GSA_kwCzR0hTQS13MjR3LXdwNzctcWZmbc4AA0OO

go github.com/cometbft/cometbft
Moderate
almost 3 years ago

CometBFT PeerState JSON serialization deadlock GSA_kwCzR0hTQS1tdmozLXFycWgtY2p2cs4AA0ON

go github.com/cometbft/cometbft

Filter by Severity

High 6 Moderate 3 Low 3