@ansdomain/react-ans-address (>=0.0.31 <=0.0.32), @ansdomain/ui (>=3.8.0 <=3.8.771) +108 more potentially affected by CVE-2026-22866 via @ensdomains/ens-contracts (>=0.0.10 <=1.2.2)

@ensdomains/ens-contracts NPM version =0.0.10, =0.0.31, =3.8.0, =0.3.0-alpha, =1.2.0, =0.0.1, =0.0.1, =2.1.7, =3.4.2, =0.0.1, =3.4.5, =3.0.0-alpha.3, =2.2.2, =1.0.0, =3.0.0-alpha.3 and more Source cves: CVE-2026-22866 Source advisory: OSV:GHSA-C6RR-7PMC-73WC...

MAL-2025-190931 Malicious code in @ensdomains/ens-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dee805b6610ec644c5edb2b73ca1d1da2119bb3280f182e716cfdd0aa31720fb The package @ensdomains/ens-contracts was found to contain malicious code. Source: ghsa-malware...

@cartesi/rollups (=2.0.0-rc.3), @guidanoli/cmioc (>=0.1.4 <=0.2.1) +5 more potentially affected by unknown CVE via @ensdomains/ens-contracts (>=1.0.0 <=1.2.2)

@ensdomains/ens-contracts NPM version =1.0.0, =0.1.4, =0.1.5, =0.0.6, =0.0.4, =100.2.5-beta.0, =0.4.0, =0.9.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-190931...

@adafel/adafel-solidity (>=0.1.0 <=0.1.6), @ansdomain/ans-contracts (=0.0.11) +219 more potentially affected by unknown CVE via ethereum-ens (>=0.1.1 <=0.8.0)

ethereum-ens NPM version =0.1.1, =0.1.0, =0.0.31, =3.8.0, =0.3.0-alpha, =1.0.0-beta.0, =1.0.0-beta.1, =1.0.0-beta.1, =1.2.0, =0.0.6, =0.0.7-beta.1 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-190696...

use higher version of openzeppelin library instead of vulnerible ones.

Lines of code Vulnerability details Impact the Op lib has some dangerous vulnerabilities in lower versions especially when you work with ERC1155 Openzeppelin already says the lower versions are vulnerable. Affected versions = 4.2.0 Tools Used vs code Recommended Mitigation Steps upgrade versions ...

Integer overflow

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration...

CVE-2023-38698 .eth registrar controller can shorten the duration of registered names

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration...

CVE-2023-38698 .eth registrar controller can shorten the duration of registered names

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration...