Malicious code in @solana-labs/web3js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b79f799d106eaad2a09af8eac8b3ac64a46966e392ec423461facd26dc958705 This package impersonates the legitimate @solana/web3.js library under a confusable scope @solana-labs/web3js. On npm install, the postinstall hook...

Malicious code in solana-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f0a22ac83bdfd88312e7d422a0e3c27531ccdb7a6c6e4afa1ae513bb9aecf41f Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

@parrotfi/wallets (=1.0.0) potentially affected by CVE-2024-30253 via @solana/web3.js (=1.2.5)

@solana/web3.js NPM version =1.2.5 is affected by a known vulnerability. The following packages have a transitive dependency on @solana/web3.js and may be impacted: - @parrotfi/wallets =1.0.0 Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...

@3s-wallet-core/provider (>=0.0.2 <=1.0.3), @3s-wallet-core/wallet (>=0.0.4 <=1.0.2) +23 more potentially affected by CVE-2024-30253 via @solana/web3.js (>=1.89.0 <=1.89.1)

@solana/web3.js NPM version =1.89.0, =0.0.2, =0.0.4, =0.4.0-beta.25, =0.4.0-beta.30, =0.4.0-beta.30, =0.4.0-beta.30, =0.0.1, =0.0.2, =2.34.0, =0.0.1, =0.0.1, =0.0.1-beta, =0.4.0, =0.4.0, =0.1.8-beta.8, =0.4.6 and more Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...