Libp2p Js-libp2p
4 CVEs affecting Libp2p Js-libp2p. Latest disclosed: 2026-07-08. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-49866 | High | 7.5 | 2026-07-08 | libp2p is a JavaScript Implementation of libp2p networking stack. Prior to 16.0.0, @libp2p/gossipsub defaultDecodeRpcLimits set maxIhaveMessageIDs and maxIwant… |
CVE-2026-46679 | High | 7.5 | 2026-06-10 | libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow an unauthent… |
CVE-2026-45783 | High | 7.5 | 2026-06-10 | libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @… |
CVE-2022-23487 | High | 7.5 | 2022-12-07 | js-libp2p is the official javascript Implementation of libp2p networking stack. Versions older than `v0.38.0` of js-libp2p are vulnerable to targeted resource… |