VYPR
Vendor

Ipld

Products
8
CVEs
8
Across products
8
Status
Private

Products

8

Recent CVEs

8
  • CVE-2026-35457HigApr 7, 2026
    risk 0.53cvss 8.2epss 0.00

    libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and force unbounded memory growth. This…

  • CVE-2026-35405HigApr 7, 2026
    risk 0.49cvss 7.5epss 0.00

    libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, libp2p-rendezvous server has no limit on how many namespaces a single peer can register. A malicious peer can just keep registering unique namespaces in a loop and the…

  • CVE-2026-33040HigMar 20, 2026
    risk 0.49cvss 7.5epss 0.00

    libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts attacker-controlled PRUNE backoff values and may perform unchecked time arithmetic when storing backoff state. A specially…

  • CVE-2023-22460HigJan 4, 2023
    risk 0.42cvss 7.5epss 0.01

    go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Encoding data which contains a Bytes kind Node will pass a Bytes…

  • CVE-2022-2584HigDec 27, 2022
    risk 0.42cvss 7.5epss 0.01

    The dag-pb codec can panic when decoding invalid blocks.

  • CVE-2026-34219MedMar 31, 2026
    risk 0.38cvss 5.9epss 0.00

    libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an…

  • CVE-2026-42328MedMay 27, 2026
    risk 0.33cvss 6.2epss 0.00

    go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.23.0, the DAG-CBOR and DAG-JSON decoders recurse on…

  • CVE-2026-35480MedApr 7, 2026
    risk 0.33cvss 6.2epss 0.00

    go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.22.0, the DAG-CBOR decoder uses collection sizes…