Skip to content

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Company

About us
Blog
Learn
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Home
Vendors
Protocol

protocol Vulnerabilities: CVEs, CISA KEV & Security Advisories

24 CVEs

protocol Vulnerabilities

CVE security advisories and vulnerability history for protocol.

24

Total CVEs

Published

0

In CISA KEV

Exploited in the wild

3

Public exploits

With known exploit

7.3

Avg CVSS

2020–2026

Overview

protocol has 24 published CVE records since 2020, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 3 have a known public exploit. The average CVSS base score across scored CVEs is 7.3.

This page aggregates every publicly disclosed vulnerability (CVE) affecting protocol products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of protocol's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical0

High15

Medium6

Low0

3 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

0

None of protocol's CVEs are currently listed in CISA's KEV catalog.

Public exploits

3

3 of protocol's CVEs have a known public exploit available.

Most affected products

The protocol products with the most published CVEs.

rust-libp2p7 CVEs
libp2p6 CVEs
github.com/ipfs/go-ipfs3 CVEs
gossipsub2 CVEs
go-ipld-prime2 CVEs
go-libp2p2 CVEs
github.com/libp2p/go-libp2p2 CVEs
github.com/ipld/go-ipld-prime2 CVEs

Common weakness types

The CWE weakness categories most often found in protocol CVEs. Follow any weakness for its full explanation.

CWE-400Uncontrolled Resource Consumption6 CVEs
CWE-770Allocation of Resources Without Limits or Throttling4 CVEs
CWE-190Integer Overflow or Wraparound2 CVEs
CWE-248Uncaught Exception1 CVE
CWE-116Improper Encoding or Escaping of Output1 CVE
CWE-617Reachable Assertion1 CVE
CWE-754Improper Check for Unusual or Exceptional Conditions1 CVE
CWE-755Improper Handling of Exceptional Conditions1 CVE

CNAs that assign these CVEs

The CVE Numbering Authorities that publish protocol CVE records.

GitHub_M19 CVEs
mitre4 CVEs
Go1 CVEs

Disclosure activity by year

How many protocol CVEs were published each year.

2020

3

2021

2

2022

6

2023

6

2026

7

Latest protocol CVEs

The most recently disclosed vulnerabilities affecting protocol.

go-ipld-prime's DAG-CBOR decoder unbounded memory allocation from CBOR headers
CWE-770
Medium · CVSS 6.2
EPSS 0.0%2026-04-07
libp2p-rust has unbounded rendezvous DISCOVER cookies enable remote memory exhaustion
CWE-770
High · CVSS 8.2
EPSS 0.1%2026-04-07
libp2p-rendezvous: Unlimited namespace registrations per peer enables OOM DoS on rendezvous servers
CWE-770
High · CVSS 7.5
EPSS 0.1%2026-04-07
libp2p-gossipsub: Gossipsub PRUNE Backoff Heartbeat Instant Overflow
CWE-617
High · CVSS 8.2
EPSS 0.1%2026-03-31
libp2p-rust: Gossipsub PRUNE.backoff Duration Overflow
CWE-190
High · CVSS 8.7
EPSS 0.0%2026-03-20
Yamux remote Panic via malformed Data frame with SYN set and len = 262145
CWE-248
High · CVSS 8.7
EPSS 0.1%2026-03-13
Yamux remote Panic via malformed WindowUpdate credit
CWE-190
High · CVSS 8.7
EPSS 0.0%2026-03-13
libp2p nodes vulnerable to OOM attack
CWE-400
High · CVSS 7.5
EPSS 0.4%2023-08-25
High vulnerability · 2023-05-10
CWE-770
High · CVSS 8.2
EPSS 1.1%2023-05-10
Medium vulnerability · 2023-02-09
CWE-400
Medium · CVSS 5.9
EPSS 0.5%2023-02-09
Denial of service when feeding malformed size arguments in go-bitfield
CWE-754
Medium · CVSS 5.9
EPSS 0.5%2023-02-09
Medium vulnerability · 2023-02-09
CWE-400
Medium · CVSS 5.9
EPSS 0.8%2023-02-09

Track new protocol CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor protocol CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

microsoft24,097 CVEs Linux19,131 CVEs google14,281 CVEs apple14,019 CVEs oracle10,440 CVEs debian10,201 CVEs IBM8,265 CVEs Adobe7,222 CVEs

Browse all vendors

Frequently asked questions

Common questions about protocol vulnerabilities.

How many CVEs does protocol have?

protocol has 24 published CVE records since 2020, including 7 in the last two years.

How many protocol CVEs are in CISA KEV?

None of protocol's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.

Which protocol products have the most CVEs?

The protocol products with the most published CVEs are rust-libp2p, libp2p, github.com/ipfs/go-ipfs, gossipsub, go-ipld-prime.

What are the most common weakness types in protocol CVEs?

protocol's CVEs most often map to these CWE weakness types: CWE-400 (Uncontrolled Resource Consumption), CWE-770 (Allocation of Resources Without Limits or Throttling), CWE-190 (Integer Overflow or Wraparound), CWE-248 (Uncaught Exception).

Are there public exploits for protocol vulnerabilities?

Yes — 3 of protocol's CVEs have a known public exploit.

What is the average severity of protocol CVEs?

The average CVSS base score across protocol's scored CVEs is 7.3.

References

The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to
CNA directory: the CNAs that assign these CVEs

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track protocol vulnerabilities

Monitor new protocol vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Most affected products
Common weakness types
Assigning CNAs
Disclosure activity
Latest CVEs
Other vendors
FAQ
References