VYPR

npm package

@solana/web3.js

pkg:npm/%40solana/web3.js

Malware

2 malicious versions on record

One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.

Vulnerabilities (2)

  • CVE-2024-54134HigDec 4, 2024
    affected >= 1.95.6, < 1.95.8fixed 1.95.8

    A publish-access account was compromised for `@solana/web3.js`, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from

  • CVE-2024-30253HigApr 17, 2024
    affected >= 1.91.0, < 1.91.3fixed 1.91.3

    @solana/web3.js is the Solana JavaScript SDK. Using particular inputs with `@solana/web3.js` will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with `@solana/web3.js`, your application/service may