4 matches found
MAL-2025-2620 Malicious code in solana-headless-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fafc63ce82d201d229734c0ac36321f32d7ed82682cfc4afbcb8fcf20787d95d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@glow-app/solana-client (>=0.4.0 <=0.5.1), @zetamarkets/flex-sdk (>=0.6.3 <=0.15.0) +8 more potentially affected by CVE-2024-30253 via @solana/web3.js (>=1.43.4 <=1.43.6)
@solana/web3.js NPM version =1.43.4, =0.4.0, =0.6.3, =0.1.1, =0.0.1, =1.4.0, =0.1.0, =1.0.4, =1.4.1 Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...
Permanent DOS in liquidity_lockbox for under $10
Lines of code Vulnerability details Impact The liquiditylockbox contract in the lockbox-solana project is vulnerable to permanent DOS due to its storage limitations. The contract uses a Program Derived Address PDA as a data account, which is created with a maximum size limit of 10 KB. Every time...
0xppl-solana-portfolio (=1.0.0), 0xuath-sdk-react (>=0.0.2 <=0.0.23) +6453 more potentially affected by CVE-2025-3194 via bigint-buffer (=1.1.5)
bigint-buffer NPM version =1.1.5 is affected by a known vulnerability. The following packages have a transitive dependency on bigint-buffer and may be impacted: - 0xppl-solana-portfolio =1.0.0 - 0xuath-sdk-react =0.0.2, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.0, =0.0.77, =0.2.0, =0.1.1,...