Shared-library version with known-vuln status

Kamino Lend's assessment for RD-F-135 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No known high/critical CVEs or GHSA advisories for Anchor 0.29.0, SPL token 3.5.0, Solana ~1.17.18, pyth-solana-receiver-sdk 0.3.1, or fixed 1.23.1.

Detail #

WebSearch for Anchor 0.29.0 and SPL token 3.5.0 advisories returned no high/critical hits. Pyth-solana-receiver-sdk 0.3.1 and fixed 1.23.1 (fixed-point arithmetic) have no known high/critical CVEs found. Rust dependencies generally have fewer CVEs than their npm counterparts.

Sources #

GitHub
klend programs Cargo.tomlprograms/klend/Cargo.toml — library versions reviewed against GHSAretrieved 2026-04-27

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol kamino-lend factor RD-F-135 score green collected_at 2026-04-30 21:19:16