Lucene search
K

10 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 5:15 p.m.13 views

Malicious code in @solana-labs/spl-toke (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 490ce5d7e43d8a79aa85bbd24e7140ed074eee472f375092ab9b4cd650ce41f8 Package name @solana-labs/spl-toke is a one-character omission of the legitimate @solana-labs/spl-token package, abusing the official Solana Labs...

5.3AI score
Exploits0References8
Snyk
Snyk
added 2026/06/11 9:0 p.m.7 views

Malicious Package

Overview spl-token-py is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
OSV
OSV
added 2026/06/08 10:19 p.m.14 views

MAL-2026-5339 Malicious code in spl-token-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e05ba3043dc87365ee0b1dc44cc58243b34b6cdccdf258c5bb9218a06a65d336 On import spltokenpy, the package's init.py collects sensitive files from the installer's machine — /.config/solana/id.json Solana wallet key,...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 10:19 p.m.10 views

Malicious code in spl-token-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e05ba3043dc87365ee0b1dc44cc58243b34b6cdccdf258c5bb9218a06a65d336 On import spltokenpy, the package's init.py collects sensitive files from the installer's machine — /.config/solana/id.json Solana wallet key,...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/12 4:16 a.m.6 views

Malicious code in spl-token-v2 (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e11bf75d7bf296658cc93ae700f5656d24c455151b1cb8db46389ec375fbc286 Any computer that has this package installed or running should be considered...

6.8AI score
Exploits0References1
OSV
OSV
added 2025/07/12 4:16 a.m.3 views

MAL-2025-6127 Malicious code in spl-token-v2 (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e11bf75d7bf296658cc93ae700f5656d24c455151b1cb8db46389ec375fbc286 Any computer that has this package installed or running should be considered...

7AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2024/12/23 7:29 p.m.7 views

rcc-solana (=0.1.0) potentially affected by unknown CVE via spl-token-swap (=3.0.0)

spl-token-swap CARGO version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on spl-token-swap and may be impacted: - rcc-solana =0.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-H6XM-C6R4-VMWF...

5.8AI score
Exploits0
OSV
OSV
added 2024/12/23 7:29 p.m.1 views

GHSA-H6XM-C6R4-VMWF Unsound usages of `u8` type casting in spl-token-swap

The library provides a safe public API unpack to cast u8 array to arbitrary types, which can cause to undefined behaviors. The length check of array can only prevent out-of-bound access on the return type. However, it can't prevent misaligned pointer when casting u8 pointer to a type aligned to...

6AI score
Exploits0References3
OSV
OSV
added 2024/10/16 2:51 p.m.9 views

MAL-2024-10167 Malicious code in spl-token (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/16 2:51 p.m.8 views

Malicious code in spl-token (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
Rows per page
Query Builder