Libp2p Libp2p

  1. Vendors
  2. Libp2p

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Libp2p product.

RSS Feeds for Libp2p security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Libp2p products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Libp2p Sorted by Most Security Vulnerabilities since 2018

Go Libp2p1 vulnerability

Libp2p1 vulnerability

Libp2p Deflate1 vulnerability

By the Year

In 2025 there have been 0 vulnerabilities in Libp2p. Libp2p did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2025 0 0.00
2024 0 0.00
2023 1 7.50
2022 0 0.00
2021 1 9.80
2020 0 0.00
2019 1 7.50

It may take a day or so for new Libp2p vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Libp2p Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2023-39533 Aug 08, 2023
go-libp2p is the Go implementation of the libp2p Networking Stack go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in the core/crypto module of go-libp2p and can occur during the Noise handshake and the libp2p x509 extension verification step. To prevent this attack, go-libp2p versions 0.27.8, 0.28.2, and 0.29.1 restrict RSA keys to <= 8192 bits. To protect one's application, it is necessary to update to these patch releases and to use the updated Go compiler in 1.20.7 or 1.19.12. There are no known workarounds for this issue.
Go Libp2p
CVE-2020-36443 Aug 08, 2021
An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read(), which is a user-provided trait function.
Libp2p Deflate
CVE-2019-15545 Aug 26, 2019
An issue was discovered in the libp2p-core crate before 0.8.1 for Rust An issue was discovered in the libp2p-core crate before 0.8.1 for Rust. Attackers can spoof ed25519 signatures.
Libp2p
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.