| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40072 | web3.py affected by SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling | ethereum | web3.py | - | - | 2026-04-09 17:41:15 | Deep Dive |
| CVE-2024-12265 | Web3 Cryptocurrency Payments by DePay for WooCommerce <= 2.12.17 - Missing Authorization to Information Exposure | depayfi | Web3 Crypto Payments by DePay for WooCommerce | Medium | 5.3 | 2024-12-12 05:24:24 | Deep Dive |
| CVE-2024-54134 | @solana/web3.js modified package published to npm, containing malware that exfiltrates private key material | solana-labs | solana-web3.js | Medium | - | 2024-12-04 15:20:54 | Deep Dive |
| CVE-2024-11365 | Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes <= 1.1.6 - Reflected Cross-Site Scripting | securityforce | Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes | Medium | 6.1 | 2024-11-21 02:06:48 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-30253 | Handling untrusted input can result in a crash, leading to loss of availability / denial of service | solana-labs | solana-web3.js | High | 7.5 | 2024-04-17 15:07:28 | Deep Dive |
| CVE-2024-21505 | Web3.js security vulnerability | - | web3-utils | High | 7.5 | 2024-03-25 05:00:01 | Deep Dive |
| CVE-2023-6036 | Web3 – Crypto wallet Login & NFT token gating < 3.0.0 - Authentication Bypass | Unknown | Web3 | Medium | - | 2024-02-12 16:06:01 | Deep Dive |
| CVE-2023-3249 | Web3 – Crypto wallet Login & NFT token gating <= 2.6.0 - Authentication Bypass | cyberlord92 | Web3 – Crypto wallet Login & NFT token gating | Critical | 9.8 | 2023-06-30 01:56:18 | Deep Dive |
| CVE-2023-30543 | `chainId` may be outdated if user changes chains as part of connection in @web3-react | Uniswap | web3-react | Medium | 5.2 | 2023-04-17 21:02:21 | Deep Dive |