Browse all 3 CVE security advisories affecting Tendermint. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Tendermint is a blockchain consensus engine enabling decentralized applications through its Byzantine Fault Tolerance protocol. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and insecure default configurations. While no major security incidents have been widely documented, the three recorded CVEs highlight risks in API endpoints and state synchronization. The platform's security relies on deterministic consensus but requires careful implementation to prevent common web vulnerabilities. Regular audits and secure coding practices remain essential given its use in critical infrastructure handling sensitive transactions.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-21271 | Denial of service in TenderMint Core — tendermintCWE-400 | 6.5 | Medium | 2021-01-26 |
| CVE-2020-15091 | Denial of Service in TenderMint — tendermintCWE-347 | 6.5 | Medium | 2020-07-02 |
| CVE-2020-5303 | Denial of service in Tendermint — TendermintCWE-789 | 3.1 | Low | 2020-04-10 |
This page lists every published CVE security advisory associated with Tendermint. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.