Lucene search
+L

382 matches found

ossf
ossf
added 2 days ago6 views

Malicious code in solana-key-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68b4680547530fce361014fe8c228734a8ec33bc8c834f46285e371e8f6b9f92 On require, index.js waits 37 seconds, reads test/fixtures/keypairs.dat a 53KB base64 blob disguised as a test fixture, no test harness references it...

6.4AI score
Exploits0References4
osv
osv
added 2 days ago4 views

MAL-2026-10591 Malicious code in solana-key-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68b4680547530fce361014fe8c228734a8ec33bc8c834f46285e371e8f6b9f92 On require, index.js waits 37 seconds, reads test/fixtures/keypairs.dat a 53KB base64 blob disguised as a test fixture, no test harness references it...

6.4AI score
Exploits0References4
ossf
ossf
added 2026/07/07 3:6 p.m.13 views

Malicious code in solana-address-codec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e1008cff7bb82464ce9ade3ae5c353e929b7367800b404a038baa8a026c69ae The package name resembles utilities in the Solana ecosystem e.g., @solana/addresses and address codec helpers, which is a common target for typosqua...

5.9AI score
Exploits0References7
osv
osv
added 2026/07/07 3:6 p.m.7 views

MAL-2026-6924 Malicious code in solana-address-codec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e1008cff7bb82464ce9ade3ae5c353e929b7367800b404a038baa8a026c69ae The package name resembles utilities in the Solana ecosystem e.g., @solana/addresses and address codec helpers, which is a common target for typosqua...

6.1AI score
Exploits0References7
osv
osv
added 2026/06/26 2:13 p.m.7 views

MAL-2026-6522 Malicious code in @epsteinlovekids483/crossmint-wallets-sdk-pentest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e43e5a418541bb3e485010eba536ecc9f1483dba866af53ff4a760684409213 Package's main entry dist/index.cjs unconditionally requires dist/shai-hulud.js at module load. On require, the code harvests installer secrets —...

5.9AI score
Exploits0References9
osv
osv
added 2026/06/23 4:11 p.m.7 views

MAL-2026-6317 Malicious code in ts-bn-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e591f0b407bc22e3abe20da9207df2d2922f75d98ab97aaa62557ca88b8fc349 [email protected] is a credential harvester disguised as a TypeScript/lint utility. index.js defines decodeStr which base64-decodes all operationally...

5.9AI score
Exploits0References2
ossf
ossf
added 2026/06/16 3:1 a.m.14 views

Malicious code in solana-js-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 855cf386497f33e21db48ae8b87c769fd777f52b585f3d8d5f276fd4c9d42628 Package masquerades as a 'Drop-in replacement for @solana/web3.js' and lists its author as 'Solana Labs Maintainers ' to impersonate the legitimate...

5.4AI score
Exploits0References1
ossf
ossf
added 2026/06/16 3:0 a.m.14 views

Malicious code in solana-mev-bot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e65516d3e042858742ebfee878ff2de6361994ce0155dcbf53c8e0f24cd5fafb bot.js performs a hardcoded HTTPS GET to api.telegram.org's bot sendMessage endpoint, transmitting host fingerprint data collected via os.hostname,...

5.3AI score
Exploits0References1
osv
osv
added 2026/06/16 3:0 a.m.9 views

MAL-2026-5861 Malicious code in solana-mev-bot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e65516d3e042858742ebfee878ff2de6361994ce0155dcbf53c8e0f24cd5fafb bot.js performs a hardcoded HTTPS GET to api.telegram.org's bot sendMessage endpoint, transmitting host fingerprint data collected via os.hostname,...

5.4AI score
Exploits0References1
ossf
ossf
added 2026/06/15 5:17 p.m.18 views

Malicious code in @solana-labs/ancor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d59b87155558b811b79a7d671f6dcd66bee47adff3a7022ab22d73f18d86369 Package name @solana-labs/ancor is a one-character typosquat of the legitimate @coral-xyz/anchor / @project-serum/anchor Solana framework, published...

5.5AI score
Exploits0References6
osv
osv
added 2026/06/15 5:17 p.m.13 views

MAL-2026-5786 Malicious code in @solana-labs/ancor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d59b87155558b811b79a7d671f6dcd66bee47adff3a7022ab22d73f18d86369 Package name @solana-labs/ancor is a one-character typosquat of the legitimate @coral-xyz/anchor / @project-serum/anchor Solana framework, published...

5.6AI score
Exploits0References6
ossf
ossf
added 2026/06/15 5:15 p.m.17 views

Malicious code in @solana-labs/spl-toke (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 490ce5d7e43d8a79aa85bbd24e7140ed074eee472f375092ab9b4cd650ce41f8 Package name @solana-labs/spl-toke is a one-character omission of the legitimate @solana-labs/spl-token package, abusing the official Solana Labs...

5.3AI score
Exploits0References8
osv
osv
added 2026/06/15 5:15 p.m.9 views

MAL-2026-5787 Malicious code in @solana-labs/spl-toke (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 490ce5d7e43d8a79aa85bbd24e7140ed074eee472f375092ab9b4cd650ce41f8 Package name @solana-labs/spl-toke is a one-character omission of the legitimate @solana-labs/spl-token package, abusing the official Solana Labs...

5.3AI score
Exploits0References8
ossf
ossf
added 2026/06/15 5:15 p.m.13 views

Malicious code in @solana-labs/web3js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b79f799d106eaad2a09af8eac8b3ac64a46966e392ec423461facd26dc958705 This package impersonates the legitimate @solana/web3.js library under a confusable scope @solana-labs/web3js. On npm install, the postinstall hook...

5.7AI score
Exploits0References6
snyk
snyk
added 2026/06/11 9:0 p.m.13 views

Malicious Package

Overview @solana-labs/web3.js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
snyk
snyk
added 2026/06/11 9:0 p.m.11 views

Malicious Package

Overview solana-web3-patched is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
snyk
snyk
added 2026/06/11 9:0 p.m.12 views

Malicious Package

Overview @solana-labs/ancor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
snyk
snyk
added 2026/06/11 9:0 p.m.12 views

Malicious Package

Overview solana-mev-bot is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
snyk
snyk
added 2026/06/11 9:0 p.m.10 views

Malicious Package

Overview solana-web3-fork is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
snyk
snyk
added 2026/06/11 9:0 p.m.9 views

Malicious Package

Overview solana-rpc-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Rows per page
Query Builder