x402 SDK Security Advisory

Impact A security vulnerability exists in outdated versions of the x402 SDK. This vulnerability does not affect users' private keys, smart contracts, or funds. The issue impacts resource servers accepting payments on Solana when the facilitator is running a vulnerable version of the x402 SDK. Who...

2sio (>=0.1.0 <=0.1.5), 4mica-x402 (>=0.1.0 <=1.2.3) +49 more potentially affected by unknown CVE via x402 (>=0.2.1 <=2.12.0)

x402 PYPI version =0.2.1, =0.1.0, =0.1.0, =0.2.0, =1.0.0, =0.0.15, =0.3.14, =0.1.0, =0.1.1, =0.7.0, =0.5.4, =0.1.0, =0.1.0, =0.3.0, =0.3.5 and more Source cves: unknown CVE Source advisory: OSV:GHSA-QR2G-P6Q7-W82M...

EUVD-2025-29434

Malicious code in bioql PyPI...

@6missedcalls-ai/zora-mcp-server (>=0.1.2 <=0.1.3), @aurracloud/agentkit (>=0.9.0 <=0.10.0) +31 more potentially affected by unknown CVE via x402 (>=0.1.2 <=0.4.3)

x402 NPM version =0.1.2, =0.1.2, =0.9.0, =0.1.0-alpha.1, =0.0.1, =0.0.1, =0.0.1, =0.0.0-nightly-20250711210411, =0.3.0, =0.0.3, =0.1.2, =0.1.3 - @openflow-sh/sdk =1.0.0 - @thorium-dev-group/x402-mcp-extension =0.1.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-X402-12239904...

@6missedcalls-ai/zora-mcp-server (>=0.1.2 <=0.1.3), @aurracloud/agentkit (>=0.9.0 <=0.10.0) +31 more potentially affected by unknown CVE via x402 (>=0.1.2 <=0.4.3)

x402 NPM version =0.1.2, =0.1.2, =0.9.0, =0.1.0-alpha.1, =0.0.1, =0.0.1, =0.0.1, =0.0.0-nightly-20250711210411, =0.3.0, =0.0.3, =0.1.2, =0.1.3 - @openflow-sh/sdk =1.0.0 - @thorium-dev-group/x402-mcp-extension =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-3J63-5H8P-GF7C...