Vulnerability Database

319,561

Total vulnerabilities in the database

Vulnerabilities for products matching "github.com-cometbft-cometbft"

Found 1 matching product.

You can search for specific versions with /product/github.com-cometbft-cometbft/1.2.3

github.com/cometbft/cometbft

9 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CometBFT's invalid BitArray handling can lead to network halt	High		October 14, 2025 10/14/25	< 0.37.16 >= 0.38.0-alpha.1 < 0.38.19
CometBFT allows a malicious peer to stall the network by disseminating seemingly valid block parts	High		February 3, 2025 2/3/25	>= 1.0.0-alpha.1 < 1.0.1 < 0.38.17
CVE-2025-24371	Medium		February 3, 2025 2/3/25	>= 1.0.0-alpha.1 < 1.0.1 < 0.38.17
CometBFT is unstability during blocksync when syncing from malicious peer	Medium		June 28, 2024 6/28/24	>= 0.37.0 < 0.37.7 >= 0.38.0 < 0.38.8
ASA-2024-004: Default configuration param for Evidence may limit window of validity	Low		February 28, 2024 2/28/24	<= 0.38.5
Validation of `VoteExtensionsEnableHeight` can cause chain halt in Go package github.com/cometbft/cometbft	High		January 19, 2024 1/19/24	>= 0.38.0 < 0.38.3
CometBFT's default for `BlockParams.MaxBytes` consensus parameter may increase block times and affect consensus participation	Low		September 29, 2023 9/29/23	<= 0.38.0
CVE-2023-34450	Low		July 3, 2023 7/3/23	== 0.34.28 >= 0.34.28 < 0.34.29 == 0.37.1 >= 0.37.1 < 0.37.2
CVE-2023-34451	High		July 3, 2023 7/3/23	< 0.34.29 >= 0.37.0 < 0.37.2

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime