npm package
@ensdomains/ens-contracts
pkg:npm/%40ensdomains/ens-contracts
Malware
2 malicious versions on record
One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.
- MAL-2025-190931Malicious code in @ensdomains/ens-contracts (npm)Nov 24, 2025
- GHSA-58x9-4xmp-8mg5Malware in @ensdomains/ens-contractsNov 24, 2025
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-22866 | — | <= 1.6.2 | — | Feb 25, 2026 | Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `RSASHA256Algorithm` and `RSASHA1Algorithm` contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures. | ||
| CVE-2023-38698 | — | < 0.0.22 | 0.0.22 | Aug 4, 2023 | Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or re |
- CVE-2026-22866Feb 25, 2026affected <= 1.6.2
Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `RSASHA256Algorithm` and `RSASHA1Algorithm` contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures.
- CVE-2023-38698Aug 4, 2023affected < 0.0.22fixed 0.0.22
Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or re