Bitcoin Foundation

The Bitcoin Foundation was an American organization formerly registered as a nonprofit corporation.

Founded: 2012
Products: 5
CVEs: 63
Across products: 112
Status: Private

Recent CVEs

  • CVE-2015-20111 | Critical | Nov 18, 2024
    risk 0.57 | cvss 9.8 | epss 0.01

    miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other products, lacks checks for snprintf return values, leading to a buffer overflow and significant data leak, a different vulnerability than CVE-2019-12107. In Bitcoin Core before 0.12, remote code execution was…

  • CVE-2017-9230 | High | May 24, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations…

  • CVE-2024-52911 | High | May 5, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14.

  • CVE-2025-46597 | High | Mar 20, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    Bitcoin Core 0.13.0 through 29.x has an integer overflow.

  • CVE-2024-52918 | Medium | Nov 18, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption and application crash) via a BIP21 r parameter for a URL that has a large file.

  • CVE-2016-10725 | High | Jul 5, 2018
    risk 0.42 | cvss 7.5 | epss 0.03

    In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This…

  • CVE-2016-10724 | High | Jul 5, 2018
    risk 0.42 | cvss 7.5 | epss 0.02

    Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized…

  • CVE-2016-8889 | Medium | Oct 28, 2016
    risk 0.40 | cvss 6.2 | epss 0.00

    In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history.

  • CVE-2024-34149 | Medium | Apr 30, 2024
    risk 0.34 | cvss 6.3 | epss 0.00

    In Bitcoin Core through 27.0 and Bitcoin Knots before 25.1.knots20231115, tapscript lacks a policy size limit check, a different issue than CVE-2023-50428. NOTE: some parties oppose this new limit check (for example, because they agree with the objective but disagree with the…

  • CVE-2025-46598 | Medium | Mar 20, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    Bitcoin Core through 29.0 allows a denial of service via a crafted transaction.

  • CVE-2021-3401 | Feb 4, 2021
    risk 0.01 | cvss (not listed) | epss 0.10

    Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser.…

  • CVE-2025-54605 | Oct 28, 2025
    risk 0.00 | cvss (not listed) | epss 0.00

    Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2).

  • CVE-2024-55563 | Dec 9, 2024
    risk 0.00 | cvss (not listed) | epss 0.01

    Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. For example, the outcome of an HTLC (Hashed Timelock Contract) can be changed because a flood of transaction traffic prevents propagation of certain…

  • CVE-2024-52922 | Nov 18, 2024
    risk 0.00 | cvss (not listed) | epss 0.00

    In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the peer-to-peer protocol specification.

  • CVE-2024-52920 | Nov 18, 2024
    risk 0.00 | cvss (not listed) | epss 0.01

    Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message.

  • CVE-2024-52919 | Nov 18, 2024
    risk 0.00 | cvss (not listed) | epss 0.00

    Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages.

  • CVE-2024-52917 | Nov 18, 2024
    risk 0.00 | cvss (not listed) | epss 0.00

    Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device.

  • CVE-2024-52921 | Nov 18, 2024
    risk 0.00 | cvss (not listed) | epss 0.00

    In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block.

  • CVE-2024-52915 | Nov 18, 2024
    risk 0.00 | cvss (not listed) | epss 0.01

    Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message.

  • CVE-2024-52914 | Nov 18, 2024
    risk 0.00 | cvss (not listed) | epss 0.01

    In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction.