CVE/GHSA advisory issued against protocol

Babylon Protocol's assessment for RD-F-178 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Three GHSA advisories confirmed against babylonlabs-io/babylon: (1) GHSA-2fcv-qww3-9v6h — Moderate — malformed vote extensions chain-halt DoS — patched v4.1.0 (Nov 2025); (2) GHSA-m6wq-66p2-c8pc — High — nil BlockHash consensus panics — patched v4.2.0 (Dec 2025); (3) GHSA-xq4h-wqm2-668w — Low — BIP-322 SIGHASH compliance — patched v4.1.0 (Nov 2025). All advisories patched in current release v4.2.7. No unpatched advisories found. Yellow = advisory exists and patched.

Sources #

GitHub
GHSA-m6wq-66p2-c8pc: Nil BlockHash in BLS vote extensions triggers panicsGHSA-m6wq-66p2-c8pc — High severity — nil BlockHash consensus panics — patched v4.2.0retrieved 2026-05-04
GitHub
GHSA-2fcv-qww3-9v6h: Malformed vote extensions are not rejectedGHSA-2fcv-qww3-9v6h — Moderate severity — malformed vote extensions — patched v4.1.0retrieved 2026-05-04
GitHub
GHSA-xq4h-wqm2-668w: BIP322 signature implementation is not fully compliantGHSA-xq4h-wqm2-668w — Low severity — BIP322 non-compliance — patched v4.1.0retrieved 2026-05-04

Methodology #

Determine whether a CVE, GHSA, or equivalent public advisory has been issued against this protocol or its code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol babylon-protocol factor RD-F-178 score yellow collected_at 2026-05-04 19:43:27