ConsenSys Diligence

Public Disclosure

Responsible disclosure of 0-day vulnerabilities is one way we show our gratitude to all the beautiful ❤️ open-source projects.


| Title | Author(s) | CVE | Date |
|---|---|---|---|
| Snapshot.org - Proposal Space Confusion | tintinweb | - | 2021 |
| Python - MIME Splitting | tintinweb | - | 2021 |
| Python - smtplib Multiple CRLF Injection | tintinweb | - | 2021 |
| PHP - IMAP MIME Splitting and CRLF Injection | tintinweb | - | 2021 |
| Remix Ethereum IDE - Drive-By and Remixd Path Traversal and RCE | tintinweb | - | 2021 |
| Nim - Insecure SSL/TLS Defaults, MitM, and nimble shell command injection | tintinweb | CVE-2021-21374, CVE-2021-21373, CVE-2021-21372 | 2021 |
| Nim - stdlib asyncftpd - CRLF Injection | tintinweb | CVE-2020-15690 | 2021 |
| Ethereum 2.0 - Teku - DoS via Gossipsub | tintinweb | - | 2020 |
| Ethereum 1.0 - Trinity - Neighbour of Death remote DoS via DiscV4 | tintinweb | - | 2020 |
| Nim - stdlib Browsers - `open` Argument Injection | tintinweb | CVE-2020-15692 | 2020 |
| Nim - stdlib Httpclient - Header CRLF Injection & Server Response Validation | tintinweb | CVE-2020-15693, CVE-2020-15694 | 2020 |
| Nim - stdlib smtp - multiple CRLF injections | tintinweb | CVE-2020-15691 | 2020 |