Lucene search
K

531 matches found

OSV
OSV
added 2026/05/14 7:24 p.m.8 views

MAL-2026-3768 Malicious code in npmjs_web3-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 263a0126b20b1d58bc0528a4b7bea19027b94383e00b5b9f03b712d96be89ca7 The package's postinstall lifecycle hook downloads a script from a personal GitHub Gist...

5.5AI score
Exploits0References2
Snyk
Snyk
added 2026/05/14 3:49 p.m.7 views

Malicious Package

Overview web3-utils-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/14 3:49 p.m.11 views

Malicious code in web3-utils-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a5f9a8e5a9dede9c1427e0e8d5c0d8db66d3edbf33e75da9e7cd205b31a1ce3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/13 8:8 p.m.13 views

MAL-2026-3706 Malicious code in web3-helpers (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8d6102ae402b2583a01da47e71f41cccba99fb7826dcf360004d8924557e1760 During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/13 11:51 a.m.9 views

Malicious code in web3-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2e42f568897d9af194eb75275059455c99b369456b0c8e0ffe13e7f32be839e6 The OpenSSF Package Analysis project identified 'web3-common' @ 1.0.0 npm as malicious. It is considered malicious because: - The package execut...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/13 11:51 a.m.7 views

MAL-2026-3718 Malicious code in web3-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2e42f568897d9af194eb75275059455c99b369456b0c8e0ffe13e7f32be839e6 The OpenSSF Package Analysis project identified 'web3-common' @ 1.0.0 npm as malicious. It is considered malicious because: - The package execut...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/13 11:51 a.m.8 views

Malicious code in web3-core-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46f9612aaab12b9656a1f1b5fbd7684fdcd57833bbf76d14b2a243f679cb0977 package.json declares a lifecycle hook that invokes require'childprocess' and execSync with a curl command at install time. This pattern fetches remo...

6.2AI score
Exploits0References1
OSV
OSV
added 2026/05/13 11:51 a.m.3 views

MAL-2026-3719 Malicious code in web3-core-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46f9612aaab12b9656a1f1b5fbd7684fdcd57833bbf76d14b2a243f679cb0977 package.json declares a lifecycle hook that invokes require'childprocess' and execSync with a curl command at install time. This pattern fetches remo...

6.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/10 9:11 a.m.13 views

Malicious code in web3-py-checksum (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4b2052172f5c854b2e91f6bdc9336a97469cd161372621a1880d9cd1e3ad426a The code silently exfiltrates the private key of a crypto account. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/10 9:11 a.m.13 views

MAL-2026-3411 Malicious code in web3-py-checksum (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4b2052172f5c854b2e91f6bdc9336a97469cd161372621a1880d9cd1e3ad426a The code silently exfiltrates the private key of a crypto account. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/08 9:1 a.m.11 views

MAL-2026-3393 Malicious code in web3-tool-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9b0a2f82214baa91e572e7e7081cc863c213321d2a1f69cace704ce9b4a33e70 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/08 7:25 a.m.11 views

MAL-2026-3385 Malicious code in web3-helper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8b4b0ec18a585bcc92bfeea9cf5e3febdd7d540f38f78cb1acc62ce33784a492 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/08 7:24 a.m.6 views

MAL-2026-3384 Malicious code in web3-connect (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1395358346670699250fafa1cb824e59ce1d8265d21b6c80c5033f572349265f Code pretends to be a crypto utility but exfiltrates given private key / seed --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

5.8AI score
Exploits0References1
Veracode
Veracode
added 2026/04/18 5:36 a.m.6 views

Server-Side Request Forgery (SSRF)

web3.py is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to web3.py directly processing contract-supplied URLs in its CCIP Read/OffchainLookup EIP-3668 implementation without validating the destination, which allows an attacker to craft a malicious smart contract that...

7.2CVSS6AI score0.00228EPSS
Exploits2References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/09 5:41 p.m.1 views

CVE-2026-40072

web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in offchainlookuppayload"urls". The implementation uses these...

6.3CVSS6AI score0.00228EPSS
Exploits2References3Affected Software1
EUVD
EUVD
added 2026/04/09 5:41 p.m.4 views

EUVD-2026-21000

web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in offchainlookuppayload"urls". The implementation uses these...

6.3CVSS6AI score0.00228EPSS
Exploits2References2
CVE
CVE
added 2026/04/09 5:41 p.m.24 views

CVE-2026-40072

CVE-2026-40072 – SSRF via CCIP Read in web3.py Affected: web3.py (Python library) versions 6.0.0b3 through before 7.15.0 and 8.0.0b2. The CCIP Read / OffchainLookup (EIP-3668) implementation fetches URLs supplied by contracts without destination validation and with default-on exposure (global_cci...

7.2CVSS6AI score0.00228EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2026/04/09 5:41 p.m.24 views

CVE-2026-40072 web3.py affected by SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling

web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in offchainlookuppayload"urls". The implementation uses these...

6.3CVSS0.00228EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.9 views

web3.py 代码问题漏洞

web3.py is an open-source Python library developed by ethereum for interacting with the Ethereum blockchain. There were code-related vulnerabilities in versions of web3.py from 6.0.0b3 to 7.15.0, as well as in version 8.0.0b2. These vulnerabilities stemmed from a lack of target validation when...

6.3CVSS5.8AI score0.00228EPSS
Exploits2References2
vulnersOsv
vulnersOsv
added 2026/04/04 6:38 a.m.5 views

aark-sdk (>=0.1.2 <=0.1.9), abi-maker (=0.1.2) +404 more potentially affected by CVE-2026-40072 via web3 (>=6.0.0b3 <=7.14.1)

web3 PYPI version =6.0.0b3, =0.1.2, =0.1.7, =2.6.0, =1.1.0, =1.0.0, =0.2.1, =0.1.0, =0.7.2, =0.3.0, =0.4.0a1, =0.1.0b1, =0.1.22, =0.4.0, =0.7.0, =0.7.1 and more Source cves: CVE-2026-40072 Source advisory: SNYK:PYTHON-WEB3-15907867...

7.2CVSS5.4AI score0.00228EPSS
Exploits2
Rows per page
Query Builder