Dependency had malicious-release incident (last 90d)

Aave v3's assessment for RD-F-134 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No malicious-release incident affecting Aave v3's npm/PyPI/crates.io dependencies flagged in trailing 90 days (Jan 27 – Apr 27, 2026). No GitHub security advisories affecting Aave's OZ or Solady dependencies identified.

Sources #

URL
aave-v3-origin Dependency SecurityGitHub Security Advisories for aave-dao/aave-v3-origin dependencies (no flag)retrieved 2026-04-27

Methodology #

Determine whether any npm/PyPI/crates.io dependency of this protocol had a flagged malicious release in the trailing 90 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol aave-v3 factor RD-F-134 score green collected_at 2026-04-27 23:28:46