Bitcoin Core

by Bitcoin Foundation

CVEs (54)

  • CVE-2015-20111 | Critical | Nov 18, 2024
    risk 0.57 | cvss 9.8 | epss 0.01

    miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other products, lacks checks for snprintf return values, leading to a buffer overflow and significant data leak, a different vulnerability than CVE-2019-12107. In Bitcoin Core before 0.12, remote code execution was…

  • CVE-2024-52911 | High | May 5, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14.

  • CVE-2025-46597 | High | Mar 20, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    Bitcoin Core 0.13.0 through 29.x has an integer overflow.

  • CVE-2024-52918 | Medium | Nov 18, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption and application crash) via a BIP21 r parameter for a URL that has a large file.

  • CVE-2016-10725 | High | Jul 5, 2018
    risk 0.42 | cvss 7.5 | epss 0.03

    In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This…

  • CVE-2016-10724 | High | Jul 5, 2018
    risk 0.42 | cvss 7.5 | epss 0.02

    Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized…

  • CVE-2024-34149 | Medium | Apr 30, 2024
    risk 0.34 | cvss 6.3 | epss 0.00

    In Bitcoin Core through 27.0 and Bitcoin Knots before 25.1.knots20231115, tapscript lacks a policy size limit check, a different issue than CVE-2023-50428. NOTE: some parties oppose this new limit check (for example, because they agree with the objective but disagree with the…

  • CVE-2025-46598 | Medium | Mar 20, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    Bitcoin Core through 29.0 allows a denial of service via a crafted transaction.

  • CVE-2021-3401 | Feb 4, 2021
    risk 0.01 | cvss n/a | epss 0.10

    Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser.…

  • CVE-2025-54605 | Oct 28, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2).

  • CVE-2024-55563 | Dec 9, 2024
    risk 0.00 | cvss n/a | epss 0.01

    Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. For example, the outcome of an HTLC (Hashed Timelock Contract) can be changed because a flood of transaction traffic prevents propagation of certain…

  • CVE-2024-52922 | Nov 18, 2024
    risk 0.00 | cvss n/a | epss 0.00

    In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the peer-to-peer protocol specification.

  • CVE-2024-52914 | Nov 18, 2024
    risk 0.00 | cvss n/a | epss 0.01

    In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction.

  • CVE-2024-52920 | Nov 18, 2024
    risk 0.00 | cvss n/a | epss 0.01

    Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message.

  • CVE-2024-52913 | Nov 18, 2024
    risk 0.00 | cvss n/a | epss 0.00

    In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled.

  • CVE-2024-52917 | Nov 18, 2024
    risk 0.00 | cvss n/a | epss 0.00

    Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device.

  • CVE-2024-52919 | Nov 18, 2024
    risk 0.00 | cvss n/a | epss 0.00

    Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages.

  • CVE-2024-52921 | Nov 18, 2024
    risk 0.00 | cvss n/a | epss 0.00

    In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block.

  • CVE-2024-52915 | Nov 18, 2024
    risk 0.00 | cvss n/a | epss 0.01

    Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message.

  • CVE-2024-52912 | Nov 18, 2024
    risk 0.00 | cvss n/a | epss 0.01

    Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly connecting peers) and an abs64 logic bug.
