VYPR
Vendor: Hyperledger

Products: 9
CVEs: 20
Across products: 22
Status: Private

Recent CVEs (20)
  • CVE-2026-41586 | Critical | May 7, 2026
    risk 0.60 | cvss | epss 0.00

    Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject() and exposes deSerializeChannel() which call ObjectInputStream.readObject() on…

  • CVE-2025-30147 | High | May 7, 2025
    risk 0.50 | cvss | epss 0.00

    Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding to besu-native versions 0.9.0 through 1.2.1, have a potential consensus bug for the precompiles…

  • CVE-2018-3756 | High | Jun 1, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a transaction and/or block multiple times, each with a random nonce, and have other…

  • CVE-2026-45581 | Medium | Jun 8, 2026
    risk 0.29 | cvss 5.5 | epss 0.00

    fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS…

  • CVE-2015-20112 | Low | Jun 29, 2025
    risk 0.15 | cvss 3.4 | epss 0.00

    RLPx 5 has two CTR streams based on the same key, IV, and nonce. This can facilitate decryption on a private network.

  • CVE-2024-22192 | Jan 16, 2024
    risk 0.00 | cvss | epss 0.00

    Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be…

  • CVE-2024-21670 | Jan 16, 2024
    risk 0.00 | cvss | epss 0.00

    Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a…

  • CVE-2022-31021 | Jan 16, 2024
    risk 0.00 | cvss | epss 0.00

    Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key…

  • CVE-2024-21669 | Jan 11, 2024
    risk 0.00 | cvss | epss 0.01

    Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of…

  • CVE-2023-46132 | Nov 14, 2023
    risk 0.00 | cvss | epss 0.01

    Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a…

  • CVE-2022-45196 | Nov 12, 2022
    risk 0.00 | cvss | epss 0.01

    Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist.

  • CVE-2022-36025 | Sep 24, 2022
    risk 0.00 | cvss | epss 0.01

    Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations (including…

  • CVE-2022-31006 | Sep 9, 2022
    risk 0.00 | cvss | epss 0.01

    indy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. In vulnerable versions of indy-node, an attacker can max out the number of client connections allowed by the ledger, leaving the ledger unable to be used for its…

  • CVE-2022-31020 | Sep 6, 2022
    risk 0.00 | cvss | epss 0.02

    Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The…

  • CVE-2022-36023 | Aug 18, 2022
    risk 0.00 | cvss | epss 0.01

    Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway…

  • CVE-2022-31121 | Jul 7, 2022
    risk 0.00 | cvss | epss 0.02

    Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and…

  • CVE-2021-41272 | Dec 13, 2021
    risk 0.00 | cvss | epss 0.01

    Besu is an Ethereum client written in Java. Starting in version 21.10.0, changes in the implementation of the SHL, SHR, and SAR operations resulted in the introduction of a signed type coercion error in values that represent negative values for 32 bit signed integers. Smart…

  • CVE-2021-21369 | Mar 9, 2021
    risk 0.00 | cvss | epss 0.01

    Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. In Besu before version 1.5.1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API service. If username and password authentication is enabled for the HTTP JSON-RPC API…

  • CVE-2020-11093 | Dec 24, 2020
    risk 0.00 | cvss | epss 0.01

    Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized…

  • CVE-2020-11090 | Jun 11, 2020
    risk 0.00 | cvss | epss 0.02

    In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential…