Browse all 4 CVE security advisories affecting solana-labs. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-54134 | @solana/web3.js modified package published to npm, containing malware that exfiltrates private key material — solana-web3.jsCWE-200 | 8.6 | - | 2024-12-04 |
| CVE-2024-30253 | Handling untrusted input can result in a crash, leading to loss of availability / denial of service — solana-web3.jsCWE-119 | 7.5 | High | 2024-04-17 |
| CVE-2022-35917 | Weakness in Transfer Validation Logic in @solana/pay — solana-payCWE-670 | 5.3 | Medium | 2022-08-01 |
| CVE-2022-23066 | Solana rBPF - Incorrect Calculation in sdiv instruction — rbpfCWE-682 | 9.1 | Critical | 2022-05-09 |
This page lists every published CVE security advisory associated with solana-labs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.