GHSA-x468-phr8-h3p3

Suggest an improvement
Source
https://github.com/advisories/GHSA-x468-phr8-h3p3
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-x468-phr8-h3p3/GHSA-x468-phr8-h3p3.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-x468-phr8-h3p3
Published
2026-02-06T20:59:26Z
Modified
2026-02-06T21:55:21.116497Z
Summary
`uniswap-utils` was removed from crates.io for malicious code
Details

It depended on the evm-units crate, which appeared to be attempting to steal cryptocurrency.

Database specific 
{
    "nvd_published_at": null,
    "github_reviewed": true,
    "cwe_ids": [],
    "github_reviewed_at": "2026-02-06T20:59:26Z",
    "severity": "CRITICAL"
}
References

Affected packages

crates.io / uniswap-utils

Package

Name
uniswap-utils
View open source insights on deps.dev
Purl
pkg:cargo/uniswap-utils

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-x468-phr8-h3p3/GHSA-x468-phr8-h3p3.json"