Browse all 4 CVE security advisories affecting solana-labs. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Solana Labs develops a high-performance blockchain platform focused on decentralized applications and crypto assets. Historically, their systems have been susceptible to remote code execution and cross-site scripting vulnerabilities, often stemming from API endpoints and smart contract implementations. The platform has experienced notable security incidents, including a $320 million exploit in 2022 affecting the Wormhole cross-chain protocol. While maintaining a relatively low CVE count compared to other blockchain ecosystems, Solana's rapid growth and complex architecture present ongoing security challenges, particularly around smart contract vulnerabilities and cross-chain interoperability risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-54134 | @solana/web3.js modified package published to npm, containing malware that exfiltrates private key material — solana-web3.jsCWE-200 | 8.6 | - | 2024-12-04 |
| CVE-2024-30253 | Handling untrusted input can result in a crash, leading to loss of availability / denial of service — solana-web3.jsCWE-119 | 7.5 | High | 2024-04-17 |
| CVE-2022-35917 | Weakness in Transfer Validation Logic in @solana/pay — solana-payCWE-670 | 5.3 | Medium | 2022-08-01 |
| CVE-2022-23066 | Solana rBPF - Incorrect Calculation in sdiv instruction — rbpfCWE-682 | 9.1 | Critical | 2022-05-09 |
This page lists every published CVE security advisory associated with solana-labs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.