VYPR

Js Libp2p

by Libp2p

Source repositories

CVEs (3)

  • CVE-2022-23487HigDec 7, 2022
    risk 0.49cvss 7.5epss 0.01

    js-libp2p is the official javascript Implementation of libp2p networking stack. Versions older than `v0.38.0` of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can…

  • CVE-2026-46679HigJun 10, 2026
    risk 0.42cvss 7.5epss 0.00

    libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.js heap of any gossipsub node with default options. This issue has been patched…

  • CVE-2026-45783HigJun 10, 2026
    risk 0.42cvss 7.5epss 0.00

    libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUT_VALUE messages whose keys bypass all…

VYPR — Vulnerability Intelligence