Security Advisories · klever-io/klever-go · GitHub

Security Advisories

View known security vulnerabilities and report new vulnerabilities privately to maintainers.

Report a vulnerability

Unauthenticated remote node crash (nil-pointer DoS) in klever-go P2P transaction interceptor (txVersionChecker nil RawData) - potential chain halt
GHSA-rm5c-5x2p-48wr published Jun 2, 2026 by fbsobreira

High
klever-go: REST API slow-header connection exhaustion via Gin Engine.Run
GHSA-w4c6-7r69-w7j9 published Jun 2, 2026 by fbsobreira

High
klever-go: Unbounded goroutine spawn on direct-message ingress enables peer-driven DoS
GHSA-hf2g-6j7h-98wg published Jun 2, 2026 by fbsobreira

High
Throttler slot leak in trie account-data sync causes epoch bootstrap / state sync DoS
GHSA-fw38-pc54-jvx9 published Jun 2, 2026 by fbsobreira

Moderate
Hash-array amplification in P2P resolver request handling
GHSA-w342-mj6g-v9c4 published Jun 2, 2026 by fbsobreira

High
Klever-Go KVM read-only execution can commit contract delete and upgrade side effects
GHSA-jc6w-wmfc-fh33 published May 19, 2026 by fbsobreira

Moderate
Klever-Go MultiDataInterceptor: remote OOM via crafted compressed P2P payload
GHSA-87m7-qffr-542v published May 11, 2026 by fbsobreira

High
Klever-Go P2P MultiDataInterceptor leaks global throttler slots on malformed compressed batches (DoS)
GHSA-74m6-4hjp-7226 published May 19, 2026 by fbsobreira

High