38 matches found
MetaMask: Authorization Bypass in Starknet Snap via enableAuthorize parameter leads to unauthorized transaction signing
A critical security vulnerability was discovered in the Starknet Snap by Consensys. The vulnerability allowed malicious websites to bypass user authorization when signing messages or transactions. The vulnerability existed in the enableAuthorize parameter, which could be controlled by any website...
CVE-2022-31153
OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all account contracts, both the vanilla and the ethereum flavors, in the...
EUVD-2025-8645
Malicious code in bioql PyPI...
EUVD-2024-41428
Malicious code in bioql PyPI...
EUVD-2023-0188
Malicious code in bioql PyPI...
EUVD-2022-0403
Malicious code in bioql PyPI...
CVE-2024-45304
Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup. This vulnerability can lead to unauthorized ownership transfer, contrary to the original owner's intention of leaving the contract without an owner. It introduces a security risk where an unintend...
MAL-2025-4288 Malicious code in starknet-types-07 (npm)
Source: ghsa-malware c4257a42e91ceb1eb932505422c26d2179850b3baaa3b7c26bd79f4495543280. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Integer Overflow
cairo-lang-starknet-classes is vulnerable to an integer overflow. The vulnerability is due to improper bounds checking in the Sierra bytecode decompression logic of the cairo-lang-starknet-classes library, which allows an integer overflow to occur when processing malicious Declare v2/v3 transactions...
SUSE CVE-2025-29072
An integer overflow in Nethermind Juno before v0.12.5 within the Sierra bytecode decompression logic of the "cairo-lang-starknet-classes" library could allow remote attackers to trigger an infinite loop and high CPU usage by submitting a malicious Declare v2/v3 transaction. This results in a...
CVE-2025-29072
An integer overflow in Nethermind Juno before v0.12.5 within the Sierra bytecode decompression logic of the "cairo-lang-starknet-classes" library could allow remote attackers to trigger an infinite loop and high CPU usage by submitting a malicious Declare v2/v3 transaction. This results in a...
Nethermind Juno Potential Denial of Service (DoS) via Integer Overflow
An integer overflow in Nethermind Juno before v0.12.5 within the Sierra bytecode decompression logic of the "cairo-lang-starknet-classes" library could allow remote attackers to trigger an infinite loop and high CPU usage by submitting a malicious Declare v2/v3 transaction. This results in a...
juno input validation error vulnerability
juno is a library from the Nethermind community designed to decentralize Starknet. An input validation error vulnerability exists in juno versions prior to 0.12.5, which stems from an integer overflow and could lead to an infinite loop and denial of service...
CVE-2024-45304 OwnableTwoStep allows a pending owner to accept ownership after the original owner has renounced ownership in cairo-contracts
Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup. This vulnerability can lead to unauthorized ownership transfer, contrary to the original owner's intention of leaving the contract without an owner. It introduces a security risk where an unintend...