CWE-34528 advisories

Insufficient Verification of Data Authenticity

What it is

Data or code is accepted without verifying it really came from the expected source.

How to fix it

Upgrade and verify signatures/checksums on the affected data.

How to avoid it

Verify signatures and integrity hashes on anything you download or trust.

Known Insufficient Verification of Data Authenticity vulnerabilities

WEB3-FRONTEND-DNS-HIJACK-2022 — high · Web3/dApp web frontend / DNS / registrar / CDN trust boundary
PHISH-QUISHING — medium · Phishing · QR code/QR-code phishing (quishing)
WEB3-KILOEX-2025 — critical · Web3 · Multichain/KiloEx (perpetuals DEX price feed) · exploited
WEB3-BYBIT-2025 — critical · Web3 · CEX/Bybit · exploited
WEB3-RADIANT-2024 — critical · Web3 · Arbitrum/Radiant Capital · exploited
PHISH-BEC — critical · Phishing · BEC/Business email compromise (BEC)
WEB3-WAZIRX-2024 — critical · Web3 · CEX/WazirX
WEB3-UWULEND-2024 — critical · Web3 · Ethereum/UwU Lend · exploited
SC-GHA-CACHE-POISON-2024 — high · CI/CD · GitHub Actions/GitHub Actions cache poisoning · exploited
PHISH-SPEAR-PHISHING — high · Phishing · Spear phishing/Spear phishing
WEB3-ORBITCHAIN-2024 — critical · Web3 · Ethereum/Orbit Chain (Orbit Bridge) · exploited
WEB3-LEDGER-CONNECT-KIT-2023 — critical · Web3 · Ethereum/Ledger Connect Kit · exploited
WEB3-MANGO-MARKETS-2022 — critical · Web3 · Solana/Mango Markets
WEB3-BNB-CHAIN-2022 — critical · Web3 · BNB Chain/BSC Token Hub · exploited
WEB3-NOMAD-2022 — critical · Web3 · Ethereum/Nomad · exploited
WEB3-INVERSE-2022 — critical · Web3 · Ethereum/Inverse Finance · exploited
WEB3-RONIN-2022 — critical · Web3 · Ethereum/Ronin Network
WEB3-WORMHOLE-2022 — critical · Web3 · Solana/Wormhole · exploited
WEB3-CREAM-FINANCE-2021 — critical · Web3 · Ethereum/Cream Finance · exploited
WEB3-POLY-NETWORK-2021 — critical · Web3 · Ethereum/Poly Network · exploited
WEB3-PANCAKEBUNNY-2021 — critical · Web3 · BNB Chain/PancakeBunny · exploited
WEB3-VALUEDEFI-2020 — critical · Web3 · Ethereum/Value DeFi · exploited
WEB3-HARVEST-2020 — critical · Web3 · Ethereum/Harvest Finance · exploited
WEB3-BZX-2020 — critical · Web3 · Ethereum/bZx Protocol · exploited
PHISH-GOOGLE-FACEBOOK-BEC-2019 — critical · Phishing · BEC/Google and Facebook
PHISH-DNC-PODESTA-2016 — high · Phishing · Spear phishing/Clinton campaign (John Podesta)
CVE-2011-0609 — critical · Phishing · Spear phishing/RSA SecurID (EMC) · exploited
INFRA-STUXNET-2010 — critical · ICS · OT/Siemens SIMATIC S7 PLCs (Natanz)

Stateward flags Insufficient Verification of Data Authenticity in your own code and dependencies on every pull request.

Scan my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.