Ethereum — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting Ethereum. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Ethereum serves as a decentralized platform for smart contracts and dApps, enabling programmable transactions. Historically, common vulnerabilities include remote code execution, cross-site scripting, and privilege escalation, often stemming from smart contract flaws and node exploits. The platform has faced notable security incidents, including the 2016 DAO hack, which resulted in a $50 million theft and a reorganization of the blockchain. With 18 CVEs recorded, security remains a focus area, particularly around smart contract vulnerabilities and consensus mechanisms. The network's immutability and decentralized nature present unique security challenges, requiring rigorous auditing and formal verification for deployed contracts.

Top products by Ethereum: go-ethereum, RLPx, web3.py

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-40072 | web3.py affected by SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling | web3.py | CWE-918 | 9.1 (AI) | Critical (AI) | 2026-04-09 |
| CVE-2026-26315 | Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake | go-ethereum | CWE-203 | 7.5 | - | 2026-02-19 |
| CVE-2026-26314 | Go Ethereum affected by DoS via malicious p2p message | go-ethereum | CWE-20 | 7.5 | - | 2026-02-19 |
| CVE-2026-26313 | Go Ethereum affected by DoS via malicious p2p message | go-ethereum | CWE-770 | 7.5 | - | 2026-02-19 |
| CVE-2026-22868 | go-ethereum has a DoS via malicious p2p message | go-ethereum | CWE-20 | 7.5 (AI) | High (AI) | 2026-01-13 |
| CVE-2026-22862 | go-ethereum has a DoS via malicious p2p message | go-ethereum | CWE-20 | 7.5 (AI) | High (AI) | 2026-01-13 |
| CVE-2015-20112 | Ethereum RLPx security vulnerability | RLPx | CWE-325 | 3.4 | Low | 2025-06-29 |
| CVE-2025-24883 | go-ethereum has a DoS via malicious p2p message | go-ethereum | CWE-248 | 7.5 | - | 2025-01-30 |
| CVE-2024-32972 | go-ethereum denial of service via malicious p2p message | go-ethereum | CWE-400 | 7.5 | High | 2024-05-06 |
| CVE-2023-40591 | Denial of service via malicious p2p message in go-ethereum | go-ethereum | CWE-400 | 7.5 | High | 2023-09-06 |
| CVE-2022-29177 | DoS via malicious p2p message in Go-Ethereum | go-ethereum | CWE-400 | 5.9 | Medium | 2022-05-20 |
| CVE-2021-41173 | DoS via maliciously crafted p2p message | go-ethereum | CWE-20 | 5.7 | Medium | 2021-10-26 |
| CVE-2021-39137 | Consensus flaw during block processing in go-ethereum | go-ethereum | CWE-436 | 6.5 | Medium | 2021-08-24 |
| CVE-2020-26264 | LES Server DoS via GetProofsV2 | go-ethereum | CWE-400 | 6.5 | Medium | 2020-12-11 |
| CVE-2020-26265 | Consensus flaw during block processing | go-ethereum | CWE-682 | 5.3 | Medium | 2020-12-11 |
| CVE-2020-26240 | Erroneous Proof of Work calculation in geth | go-ethereum | CWE-682 | 5.3 | Medium | 2020-11-25 |
| CVE-2020-26241 | Shallow copy bug in geth | go-ethereum | CWE-682 | 6.5 | Medium | 2020-11-25 |
| CVE-2020-26242 | Denial of service in geth | go-ethereum | | 6.5 | Medium | 2020-11-25 |

This page lists every published CVE security advisory associated with Ethereum. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.