CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2025/02/13 8:14 a.m.•5 views

Malicious code in solana-web3.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae0ba85746959ae8f7ae3dc7a934de9e4cb299669dbb270322fa2d8871fd8326 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score

OSV•added 2024/12/04 3:20 p.m.•4 views

CVE-2024-54134 @solana/web3.js modified package published to npm, containing malware that exfiltrates private key material

8.3CVSS6.7AI score0.00329EPSS

Vulnrichment•added 2024/12/04 3:20 p.m.•9 views

CVE-2024-54134 @solana/web3.js modified package published to npm, containing malware that exfiltrates private key material

8.3CVSS7AI score0.00329EPSS

Cvelist•added 2024/12/04 3:20 p.m.•17 views

CVE-2024-54134 @solana/web3.js modified package published to npm, containing malware that exfiltrates private key material

8.3CVSS0.00329EPSS

The Hacker News•added 2024/12/04 9:48 a.m.•6 views

Researchers Uncover Backdoor in Solana's Popular Web3.js npm Library

Cybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two malicious versions capable of harvesting users' private keys with an aim to drain their cryptocurrency wallets. The attack has been detected in...

8.3CVSS7.3AI score0.00329EPSS

CNNVD•added 2024/12/04 12:0 a.m.•4 views

solana/web3.js 信息泄露漏洞

solana/web3.js is a JavaScript library from Solana Labs. An information disclosure vulnerability exists in solana/web3.js versions 1.95.6 and 1.95.7, which stems from a vulnerability that allows an attacker to distribute unauthorized malicious packages that have been modified to steal private key...

8.3CVSS6.2AI score0.00329EPSS

OSSF Malicious Packages•added 2024/12/03 10:45 p.m.•5 views

Malicious code in @solana/web3.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 507e136eb7d13bd9c88a5e20d692768a759c2ae382d1ab54ba66c196b560cacb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score

OSV•added 2024/12/03 10:45 p.m.•7 views

MAL-2024-11183 Malicious code in @solana/web3.js (npm)

7AI score

Positive Technologies•added 2024/12/02 12:0 a.m.•5 views

PT-2024-9247 · Solana · @Solana/Web3.Js

Name of the Vulnerable Software and Affected Versions: @solana/web3.js versions 1.95.6 through 1.95.7 Description: A publish-access account was compromised for @solana/web3.js, a JavaScript library commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious...

8.3CVSS6.3AI score0.00329EPSS

Exploits0References16

vulnersOsv•added 2024/04/17 6:21 p.m.•3 views

@brave/wallet-standard-brave (>=0.0.8 <=0.0.12), @oraichain/owallet-wallet-standard (>=0.1.0 <=0.1.1) +1 more potentially affected by CVE-2024-30253 via @solana/web3.js (=1.58.0)

@solana/web3.js NPM version =1.58.0 is affected by a known vulnerability. The following packages have a transitive dependency on @solana/web3.js and may be impacted: - @brave/wallet-standard-brave =0.0.8, =0.1.0, =0.1.6, =0.1.10 Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...

vulnersOsv•added 2024/04/17 6:21 p.m.•1 views

@convexitydmcc/wallet-adapter-walletconnect (>=2.0.0-beta.26 <=2.0.0-rc.5), @renec-foundation/gasless-sdk (>=0.2.3 <=0.2.6) +1 more potentially affected by CVE-2024-30253 via @solana/web3.js (=1.48.0)

@solana/web3.js NPM version =1.48.0 is affected by a known vulnerability. The following packages have a transitive dependency on @solana/web3.js and may be impacted: - @convexitydmcc/wallet-adapter-walletconnect =2.0.0-beta.26, =0.2.3, =3.0.0, =6.3.0-profits-mercurial-rc8 Source cves:...

vulnersOsv•added 2024/04/17 6:21 p.m.•3 views

@arb-protocol/core (>=2.0.0-alpha.1 <=2.0.0-alpha.5), @arb-protocol/jupiter-adapter (>=2.0.0-alpha.5 <=2.0.0-alpha.6) +80 more potentially affected by CVE-2024-30253 via @solana/web3.js (=1.31.0)

@solana/web3.js NPM version =1.31.0 is affected by a known vulnerability. The following packages have a transitive dependency on @solana/web3.js and may be impacted: - @arb-protocol/core =2.0.0-alpha.1, =2.0.0-alpha.5, =2.0.0-alpha.1, =2.20.0, =1.0.1, =0.0.1, =0.0.1, =1.0.0, =0.2.0, =0.2.0, =0.0....

vulnersOsv•added 2024/04/17 6:21 p.m.•1 views

@abytecurious/serum (>=0.13.38 <=0.13.39), @arkecosystem/platform-sdk-sol (>=3.0.31 <=6.0.8) +67 more potentially affected by CVE-2024-30253 via @solana/web3.js (>=0.0.3 <=0.95.0)

@solana/web3.js NPM version =0.0.3, =0.13.38, =3.0.31, =0.0.1, =0.13.14, =0.1.0, =0.0.4, =1.0.1, =1.0.7, =1.0.1, =2.2.3, =0.0.6, =1.0.0, =1.1.0 and more Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...

7.5CVSS7.2AI score0.00142EPSS

vulnersOsv•added 2024/04/17 6:21 p.m.•1 views

@arb-protocol/core (>=2.0.0-alpha.1 <=2.0.0-alpha.6), @arb-protocol/jupiter-adapter (>=2.0.0-alpha.5 <=2.0.0-alpha.6) +18 more potentially affected by CVE-2024-30253 via @solana/web3.js (=1.69.0)

@solana/web3.js NPM version =1.69.0 is affected by a known vulnerability. The following packages have a transitive dependency on @solana/web3.js and may be impacted: - @arb-protocol/core =2.0.0-alpha.1, =2.0.0-alpha.5, =2.0.0-alpha.1, =0.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1.1, =0.1.8, =1.0.63, =1.0....

vulnersOsv•added 2024/04/17 6:21 p.m.•2 views

@beeman/my-anchor-app-anchor (=0.0.1), @epplex-xyz/sdk (>=0.1.42 <=0.3.0) +1 more potentially affected by CVE-2024-30253 via @solana/web3.js (=1.90.0)

@solana/web3.js NPM version =1.90.0 is affected by a known vulnerability. The following packages have a transitive dependency on @solana/web3.js and may be impacted: - @beeman/my-anchor-app-anchor =0.0.1 - @epplex-xyz/sdk =0.1.42, =0.0.1, =0.1.2 Source cves: CVE-2024-30253 Source advisory:...