bitcoin

Top products

The 15 most recently published vulnerabilities affecting bitcoin.

• CVE-2025-46598Bitcoin Core through 29.0 allows a denial of service via a crafted transaction.5.3Mar 20, 2026
• CVE-2025-46597Bitcoin Core 0.13.0 through 29.x has an integer overflow.7.5Mar 20, 2026
• CVE-2025-54605Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2).7.5Oct 28, 2025
• CVE-2025-54604Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 1 of 2).7.5Oct 28, 2025
• CVE-2024-55563Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. For example, the outcome of an HTLC (Hashed Timelock Contract) can be...5.3Dec 9, 2024
• CVE-2024-52922In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the peer-t...6.5Nov 18, 2024
• CVE-2024-52921In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block.5.3Nov 18, 2024
• CVE-2024-52920Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message.7.5Nov 18, 2024
• CVE-2024-52919Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages.6.5Nov 18, 2024
• CVE-2024-52917Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device.6.5Nov 18, 2024
• CVE-2024-52916Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers.7.5Nov 18, 2024
• CVE-2024-52915Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message.7.5Nov 18, 2024
• CVE-2024-52914In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction.7.5Nov 18, 2024
• CVE-2024-52913In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled.5.3Nov 18, 2024
• CVE-2024-52912Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly connecting peers) and an abs64 logic bug.7.5Nov 18, 2024