Shared-library version with known-vuln status

Axelar Network's assessment for RD-F-135 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

The primary EVM shared library is @axelar-network/axelar-gmp-sdk-solidity v6.0.6 (Axelar's own library - no OZ/Solady production dependency in axelar-cgp-solidity). The Go Cosmos SDK dependency is pinned to an Axelar fork (0.50.14) with no confirmed high/critical GHSA advisory found. No CVE for the pinned Cosmos SDK version identified.

Sources #

GitHub
axelar-cgp-solidity - Library Vulnerability Statuspackage.json: no OZ/Solady dependency; single dep is axelar-internal gmp-sdk-solidity 6.0.6retrieved 2026-05-17
GitHub
axelar-core go.mod - Library Vulnerability Statusaxelar-core go.mod: Cosmos SDK 0.50.14 (Axelar fork) - no confirmed CVEretrieved 2026-05-17

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol axelar factor RD-F-135 score green collected_at 2026-05-16 21:57:49