Browse all 8 CVE security advisories affecting ipfs. AI-powered Chinese analysis, POCs, and references for each vulnerability.
IPFS is a distributed protocol designed for decentralized file storage and content addressing, enabling persistent data sharing without centralized servers. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and insecure default configurations. While no major public security incidents have been widely documented, the 8 recorded CVEs highlight potential risks in implementations. The protocol's decentralized nature reduces single points of failure but introduces complex attack surfaces across nodes. Security remains a concern, particularly for deployments handling sensitive data, requiring careful hardening and regular updates to mitigate identified weaknesses.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-25568 | Boxo bitswap/server: DOS unbounded persistent memory leak — boxoCWE-400 | 8.2 | High | 2023-05-10 |
| CVE-2023-23625 | Denial of service in HAMT Decoding in go-unixfs — go-unixfsCWE-400 | 5.9 | Medium | 2023-02-09 |
| CVE-2023-23626 | Denial of service when feeding malformed size arguments in go-bitfield — go-bitfieldCWE-754 | 5.9 | Medium | 2023-02-09 |
| CVE-2023-23631 | HAMT Decoding Panics in github.com/ipfs/go-unixfsnode — go-unixfsnodeCWE-400 | 5.9 | Medium | 2023-02-09 |
| CVE-2022-23495 | ProtoNode may be modified such that common method calls may panic in ipfs/go-merkledag — go-merkledagCWE-755 | 7.5 | High | 2022-12-08 |
| CVE-2020-26283 | Control character injection in console output — go-ipfsCWE-116 | 6.8 | Medium | 2021-03-24 |
| CVE-2020-26279 | Path traversal — go-ipfsCWE-22 | 7.7 | High | 2021-03-24 |
| CVE-2020-11059 | Exposure of Sensitive Information to an Unauthorized Actor in AEgir — AEgirCWE-200 | 9.6 | Critical | 2020-05-27 |
This page lists every published CVE security advisory associated with ipfs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.