github.com/consensys/gnark (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/consensys/gnark, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2025-57801 — CVSS 9.1 (critical): gnark is a zero-knowledge proof system framework. In versions prior to 0.14.0, the Verify function in eddsa.go and ecdsa.go used the S…
CVE-2025-58157 — CVSS 7.5 (high): gnark is a zero-knowledge proof system framework. In version 0.12.0, there is a potential denial of service vulnerability when computing…
CVE-2023-44378 — CVSS 7.1 (high): gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is…
CVE-2024-45039 — CVSS 6.2 (medium): gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case…
CVE-2024-45040 — CVSS 5.9 (medium): gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses…
CVE-2024-50354 — CVSS 5.5 (medium): gnark is a fast zk-SNARK library that offers a high-level API to design circuits. In gnark 0.11.0 and earlier, deserialization of Groth16…