CVE/GHSA advisory issued against protocol

Chainlink CCIP's assessment for RD-F-178 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No CVE, GHSA, or equivalent public advisory found for Chainlink CCIP in CVE databases, CISA bulletins, GitHub Security Advisory database, or NVD. Web search for CCIP CVE/security advisory returned no hits specific to CCIP infrastructure. CISA weekly vulnerability bulletins searched (including December 2025 bulletin surfaced in search results) - no CCIP entry. Note: this reflects CCIP's clean exploit record; absence of CVE is consistent with zero known exploits.

Sources #

URL
Chainlink GitHub SecurityGitHub security advisory database - Chainlink security tab; no GHSA for CCIP foundretrieved 2026-05-16
URL
CISA Vulnerability Summary Bulletin December 2025CISA vulnerability bulletins - no CCIP-specific advisory found in public bulletin recordsretrieved 2026-05-16

Methodology #

Determine whether a CVE, GHSA, or equivalent public advisory has been issued against this protocol or its code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol chainlink-ccip factor RD-F-178 score green collected_at 2026-05-16 01:55:09