Every CVE whose affected-product data names Ethereum Go Ethereum, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2018-12018 — CVSS 7.5 (high): The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation…
CVE-2018-16733 — CVSS 7.5 (high): In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block.
CVE-2018-19184 — CVSS 7.5 (high): cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode.
CVE-2018-20421 — CVSS 7.5 (high): Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of service (memory consumption) by rewriting the length of a dynamic array…
CVE-2021-42219 — CVSS 7.5 (high): Go-Ethereum v1.10.9 was discovered to contain an issue which allows attackers to cause a denial of service (DoS) via sending an excessive…
CVE-2022-23327 — CVSS 7.5 (high): A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in…
CVE-2022-23328 — CVSS 7.5 (high): A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account…
CVE-2023-40591 — CVSS 7.5 (high): go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node, can be made to consume unbounded…
CVE-2023-42319 — CVSS 7.5 (high): Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory…
CVE-2026-22862 — CVSS 7.5 (high): go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash…
CVE-2026-22868 — CVSS 7.5 (high): go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash…
CVE-2026-26313 — CVSS 7.5 (high): go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high…
CVE-2026-26314 — CVSS 7.5 (high): go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, a vulnerable node can be…
CVE-2026-26315 — CVSS 7.5 (high): go-ethereum (Geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the…
CVE-2021-39137 — CVSS 6.5 (medium): go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum…
CVE-2020-26241 — CVSS 6.5 (medium): Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before…
CVE-2020-26242 — CVSS 6.5 (medium): Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a…
CVE-2020-26264 — CVSS 6.5 (medium): Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service…
CVE-2022-29177 — CVSS 5.9 (medium): Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to…
CVE-2022-37450 — CVSS 5.9 (medium): Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a…
CVE-2021-41173 — CVSS 5.7 (medium): Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to…
CVE-2021-43668 — CVSS 5.5 (medium): Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a serial of messages and cannot be recovered. They will crash with…
CVE-2020-26240 — CVSS 5.3 (medium): Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before…
CVE-2020-26265 — CVSS 5.3 (medium): Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version…