135 matches found
GHSA-4X76-22X2-RX8V OpenZeppelin Contracts Wizard has Code Injection in Generated Hardhat and Foundry Tests via Unsanitized opts.name / opts.uri
Summary The OpenZeppelin Contracts Wizard generated Hardhat test/test.ts and Foundry test/.t.sol example test files that interpolated user-supplied strings opts.name, opts.uri into the test source without escaping. A crafted input could produce a generated test file in which the input string brok...
Malicious Package
Overview npmjshardhat-common is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Smart_Contract_Researcher_POC
Smart Contract Security Research Portfolio hailthelord...
Malicious Package
Overview hardhat-evmchain is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in hardhat-evmchain (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0f369bb56919b0bda50e063229cfaf0fd1b0481d62c6d5fbdf90eb6e5cd6ac6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5072 Malicious code in hardhat-evmchain (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0f369bb56919b0bda50e063229cfaf0fd1b0481d62c6d5fbdf90eb6e5cd6ac6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview hardhat-gas-analytics is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in hardhat-gas-analytics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71b0b8dd866d9c1f4516f4e537a2d61ea3cbe87f06b0195a24c0dea76fef44c0 This package typosquats the widely-used hardhat-gas-reporter Hardhat plugin matching its cache filename .hardhatgasreporteroutput.json and replicatin...
MAL-2026-4576 Malicious code in hardhat-gas-analytics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71b0b8dd866d9c1f4516f4e537a2d61ea3cbe87f06b0195a24c0dea76fef44c0 This package typosquats the widely-used hardhat-gas-reporter Hardhat plugin matching its cache filename .hardhatgasreporteroutput.json and replicatin...
Malicious Package
Overview hardhat-gas-profiler-plugin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in hardhat-gas-profiler-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c21e0ec3571fccc81c8e047835e84f75b6f0d95e2e4ee7e3d11537b99eab8115 Package impersonates the Hardhat plugin ecosystem real Hardhat plugins are published under @nomicfoundation/; the referenced github.com/hardhat/...
MAL-2026-4244 Malicious code in hardhat-gas-profiler-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c21e0ec3571fccc81c8e047835e84f75b6f0d95e2e4ee7e3d11537b99eab8115 Package impersonates the Hardhat plugin ecosystem real Hardhat plugins are published under @nomicfoundation/; the referenced github.com/hardhat/...
Malicious code in hardhat-core-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1b62021752710dce40c5fa0491b2c8e75454d25ee7e80bd15e3b5a99ace923ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview hardhat-core-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-3728 Malicious code in hardhat-core-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1b62021752710dce40c5fa0491b2c8e75454d25ee7e80bd15e3b5a99ace923ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in npmjs_hardhat-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 687cf12a3e056374d2222b02393858ebeca4856448165be0426f8fb32d207974 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3722 Malicious code in npmjs_hardhat-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 687cf12a3e056374d2222b02393858ebeca4856448165be0426f8fb32d207974 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in hardhat-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b72f90917aaff5b42d639bff4d28227b0cd2105ce4d2b109577a76b9d7003ecc The OpenSSF Package Analysis project identified 'hardhat-common' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2026-3712 Malicious code in hardhat-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b72f90917aaff5b42d639bff4d28227b0cd2105ce4d2b109577a76b9d7003ecc The OpenSSF Package Analysis project identified 'hardhat-common' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in hardhat-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb86c79e7ed3cd429c0f28bc08e00ce020df2ec42fdda086ad8bfca99f259930 package.json declares a postinstall script that base64-decodes the string 'aHR0cDovLzguMjE3Ljc1LjE0NzozMDAwL3BheWxvYWQ=' to the URL...