CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/27 8:52 p.m.•5 views

CVE-2026-45137 Anchor: Program<'info, System> is not properly validated

8.2CVSS5.9AI score0.00048EPSS

EUVD•added 2026/05/27 8:52 p.m.•5 views

EUVD-2026-32665

8.2CVSS5.9AI score0.00048EPSS

Snyk•added 2026/05/22 2:42 a.m.•6 views

Malicious Package

Overview solana-pda-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score

Exploits0References2

OSSF Malicious Packages•added 2026/05/21 1:22 p.m.•7 views

Malicious code in ihubinternal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d05496a74a52542f8bf237430ae41377eb71e3710b41abfcc1f7b5cf3642885 The package exports a VelocityAuth function that, when called by integrating applications, sends end-user Solana wallet public keys, signed...

OSV•added 2026/05/21 1:22 p.m.•5 views

MAL-2026-4584 Malicious code in ihubinternal (npm)

OSV•added 2026/05/20 12:9 a.m.•1 views

MAL-2026-4247 Malicious code in solana-pda-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 932b19a77a3ac634909a0f284df48d9b2a8b28f9c5370bd50306d7ba5a1335e9 On npm install, package.json's postinstall hook runs node -e to issue an https.get against...

OSSF Malicious Packages•added 2026/05/20 12:9 a.m.•3 views

Exploits0References2

Malicious code in solana-pda-helper (npm)

OSSF Malicious Packages•added 2026/05/18 8:26 p.m.•8 views

Exploits0References2

Malicious code in solana-web3-alt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b3846bb2c80cb984e05f37cddc24548b73067be9aaca692e401a06f7c323e7b9 In specific environments, the package triggers silent code execution during installation. The code to execute is not included in the package. --- Category:...

OSV•added 2026/05/18 8:26 p.m.•3 views

MAL-2026-3835 Malicious code in solana-web3-alt (PyPI)

OSV•added 2026/05/14 8:44 p.m.•3 views

MAL-2026-3743 Malicious code in sol-batch-transfer-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dab4fb850a1ce0b83f1e7f74ce0281ca8309031037355f9a247dbd0a715eab4d The code silently adds a hardcoded address to the list of transfer recipients. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

OSV•added 2026/05/14 7:24 p.m.•2 views

MAL-2026-3750 Malicious code in bigint.fs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb3e0cb5c95475ce69c3672be6acfb9283bc6e29a1d7ba7452c922e7dc96a966 On require/import, index.js runs an IIFE that POSTs a getAccountInfo RPC call to https://api.devnet.solana.com for Solana account...

OSSF Malicious Packages•added 2026/05/14 7:24 p.m.•6 views

Malicious code in bigint.fs (npm)

OSV•added 2026/05/13 3:33 p.m.•5 views

GHSA-429Q-FHH4-R6HJ Anchor: `InterfaceAccount` allows account substitution between unexpected types

Impact Any uses of InterfaceAccount allows another unexpected account type to be passed, after https://github.com/solana-foundation/anchor/pull/3837 disabled discriminator checking for this type. The bug was originally reported and fixed in https://github.com/solana-foundation/anchor/pull/4139, s...

8.7CVSS5.8AI score

Exploits0References7

OSV•added 2026/05/08 9:4 a.m.•3 views

MAL-2026-3389 Malicious code in eth-wallet-kit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3b0cce18986ec63fd689844cfc29b4023837d71b35b173a9cb08476c7575fcf2 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...

OSSF Malicious Packages•added 2026/05/08 9:2 a.m.•8 views

Malicious code in tron-energy-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 84d2f533c52b85d9b3b4c27fe3863e57365308d49b7a412038b26047e6704450 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...

OSSF Malicious Packages•added 2026/05/08 9:2 a.m.•7 views

Malicious code in crypto-bot-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3ece4ae851dba85751377f47097bd30525eafdcbf8cd08b57d2a06aa3a02b367 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...

OSSF Malicious Packages•added 2026/05/08 9:1 a.m.•8 views

Malicious code in web3-tool-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9b0a2f82214baa91e572e7e7081cc863c213321d2a1f69cace704ce9b4a33e70 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...