pypi
Malicious solana-web3-alt @0.37.1
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 4:30 AM UTC
OSV ID
MAL-2026-3835
Ecosystem
pypi
Summary
In specific environments, the package triggers silent code execution during installation. The code to execute is not included in the package. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-05-foundry-utils Reasons (based on the campaign): - dependency-confusion - other
Source: kam193 (b3846bb2c80cb984e05f37cddc24548b73067be9aaca692e401a06f7c323e7b9)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.