Malicious code in bucket-protocol-sdk-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e19ff8a6cb5a08bd0561658d41dfe3616f1680bc5acac989c97da38f37ee41b4 bucket-protocol-sdk-v2 advertises itself as a 'community maintained drop-in replacement' for the Sui ecosystem's bucket-protocol-sdk, but its src/ tr...

MAL-2026-4502 Malicious code in bucket-protocol-sdk-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e19ff8a6cb5a08bd0561658d41dfe3616f1680bc5acac989c97da38f37ee41b4 bucket-protocol-sdk-v2 advertises itself as a 'community maintained drop-in replacement' for the Sui ecosystem's bucket-protocol-sdk, but its src/ tr...

GHSA-QPRH-M6P3-HWXC `sui-execution-cut` was removed from crates.io for malicious code

sui-execution-cut included a build script that attempted to exfiltrate data from the build machine. The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io...

PT-2026-37360

sui-execution-cut included a build script that attempted to exfiltrate data from the build machine. The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io...

RUSTSEC-2026-0108 `sui-execution-cut` was removed from crates.io for malicious code

sui-execution-cut included a build script that attempted to exfiltrate data from the build machine. The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io...

`sui-execution-cut` was removed from crates.io for malicious code

sui-execution-cut included a build script that attempted to exfiltrate data from the build machine. The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io...

Malicious Package

Overview xpack-sui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious code in xpack-sui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6569d492596cfa28e2627bd747ac4bd380bf9ff0e7ce0d931036e5f8de9ed276 The package xpack-sui was found to contain malicious code. Source: ghsa-malware 3fab32aa3396f63ec52f77a3d6ba319776c90390afa1264937a1537dde583443 Any...

MAL-2026-1161 Malicious code in xpack-sui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6569d492596cfa28e2627bd747ac4bd380bf9ff0e7ce0d931036e5f8de9ed276 The package xpack-sui was found to contain malicious code. Source: ghsa-malware 3fab32aa3396f63ec52f77a3d6ba319776c90390afa1264937a1537dde583443 Any...

Malicious Package

Overview @row-components/pricing-embedded-sui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

Malicious code in @row-components/pricing-embedded-sui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63928e8cf0861bfa8d3def2e822d818c038315c0a9d5918b6f27aeaab7ec9e3a The package @row-components/pricing-embedded-sui was found to contain malicious code. Source: ghsa-malware...

MAL-2026-526 Malicious code in @row-components/pricing-embedded-sui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63928e8cf0861bfa8d3def2e822d818c038315c0a9d5918b6f27aeaab7ec9e3a The package @row-components/pricing-embedded-sui was found to contain malicious code. Source: ghsa-malware...

CVE-2019-2239

Sanity checks are missing in layout which can lead to SUI Corruption or can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon...

atomkraft (>=0.0.1 <=0.1.2), bitcoin-utils (>=0.6.1 <=0.7.1) +14 more potentially affected by CVE-2025-69277 via hdwallet (>=0.2.0 <=3.4.0)

hdwallet PYPI version =0.2.0, =0.0.1, =0.6.1, =1.3.6, =0.1.5, =0.1.4, =0.1.6, =0.1.0, =0.1.0, =0.0.2, =0.2.3, =0.1.0, =5.1.0, =0.3.0, =0.5.0a1 and more Source cves: CVE-2025-69277 Source advisory: OSV:GHSA-MRFV-M5WM-5W6W...

sui_vulnerable_vault

I will update this project in the future. Now, we have to co...

@0xfutbol/id (>=2.0.0 <=2.0.200), @0xkamal7/sui-agent (>=1.1.2 <=1.1.5) +1691 more potentially affected by CVE-2025-66020 via valibot (>=0.31.0-rc.4 <=1.1.0)

valibot NPM version =0.31.0-rc.4, =2.0.0, =1.1.2, =1.2.0-pre.92, =1.2.0-pre.24, =1.2.0-pre.24, =0.0.1, =0.0.1, =0.0.1, =1.2.0-pre.64, =0.0.1, =0.0.1, =0.5.9, =0.5.18, =0.0.2-beta.0, =0.1.1-beta.1, =0.2.0 and more Source cves: CVE-2025-66020 Source advisory: SNYK:JS-VALIBOT-14122017...

Fake Chrome Extension "Safery" Steals Ethereum Wallet Seed Phrases Using Sui Blockchain

Cybersecurity researchers have uncovered a malicious Chrome extension that poses as a legitimate Ethereum wallet but harbors functionality to exfiltrate users' seed phrases. The name of the extension is "Safery: Ethereum Wallet," with the threat actor describing it as a "secure wallet for managin...

Malicious code in tanura-sui-dafuni (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf53cf6d4f9aeb63b3cc7271fe219b212aaa603bb38c8326cfa19bda900e12a6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-178796 Malicious code in tanura-sui-dafun (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ed7c0fd0783ab7ce2c2b421f10e908a8fcf1d944a0f8fb8f5110c39e2009e62 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-176239 Malicious code in munufafai-sui-cagafs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d65323b3cb7209f68abd6d988f66227f5f5ab985186e04bb01f56a4e1b9815d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...