Browse all 6 CVE security advisories affecting Consensys. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Consensys develops enterprise blockchain solutions with a focus on Ethereum infrastructure. Historically, their products have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and access control flaws. While no major public security incidents have been widely reported, the six CVEs on record highlight ongoing security challenges in their software development lifecycle. Their security posture reflects typical blockchain application risks, including smart contract vulnerabilities and API weaknesses, requiring continuous security testing and patch management to maintain system integrity.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-58157 | gnark affected by denial of service when computing scalar multiplication using fake-GLV algorithm | gnark | CWE-400 | 7.5 | High | 2025-08-29 |
| CVE-2025-57801 | gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks | gnark | CWE-347 | 7.5 (AI) | High (AI) | 2025-08-22 |
| CVE-2024-50354 | Out-of-memory during deserialization with crafted inputs | gnark | CWE-400 | 5.5 | Medium | 2024-10-31 |
| CVE-2024-45039 | gnark's Groth16 commitment extension unsound for more than one commitment | gnark | CWE-200 | 6.2 | Medium | 2024-09-06 |
| CVE-2024-45040 | gnark's commitments to private witnesses in Groth16 as implemented break zero-knowledge property | gnark | CWE-200 | 5.9 | Medium | 2024-09-06 |
| CVE-2023-44378 | gnark vulnerable to unsoundness in variable comparison/non-unique binary decomposition | gnark | CWE-191 | 7.1 | High | 2023-10-09 |

This page lists every published CVE security advisory associated with Consensys. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.