Browse all 13 CVE security advisories affecting libp2p. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Libp2p serves as a modular networking stack for peer-to-peer applications, enabling decentralized communication protocols. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and insecure default configurations. While no major public security incidents have been widely documented, the 13 recorded CVEs highlight potential risks in its implementation. Security characteristics include its decentralized nature but also complexity in secure deployment. Developers must carefully implement access controls and validate all inputs to mitigate risks, as the library's extensive functionality surface area increases potential attack vectors when not properly configured.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-35457 | libp2p-rust has unbounded rendezvous DISCOVER cookies enable remote memory exhaustion — rust-libp2pCWE-770 | 8.2 | High | 2026-04-07 |
| CVE-2026-35405 | libp2p-rendezvous: Unlimited namespace registrations per peer enables OOM DoS on rendezvous servers — rust-libp2pCWE-770 | 7.5 | High | 2026-04-07 |
| CVE-2026-34219 | libp2p-gossipsub: Gossipsub PRUNE Backoff Heartbeat Instant Overflow — rust-libp2pCWE-190 | 7.5AI | HighAI | 2026-03-31 |
| CVE-2026-33040 | libp2p-rust: Gossipsub PRUNE.backoff Duration Overflow — rust-libp2pCWE-190 | 7.5 | - | 2026-03-20 |
| CVE-2022-23486 | libp2p-rust denial of service vulnerability from lack of resource management — rust-libp2pCWE-400 | 7.5 | High | 2022-12-07 |
This page lists every published CVE security advisory associated with libp2p. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.