Shared-library version with known-vuln status

Marinade Finance's assessment for RD-F-135 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Key shared library versions: anchor-lang 0.27.0, anchor-spl 0.27.0, spl-token 3.5.0. No CVE or GHSA advisory found for anchor-lang 0.27.0, anchor-spl 0.27.0, or spl-token 3.5.0 at high/critical severity. Note: anchor 0.27.0 is an older release (current is 0.30.x as of 2026) but not end-of-life and has no known active security advisories. The program code was frozen at the Nov 2023 audit state — dependency upgrade risk is a governance/ops concern rather than a current CVE finding.

Sources #

URL
anchor-lang crates.iocrates.io anchor-lang — version history and no active security advisory for 0.27.0retrieved 2026-05-16
GitHub
Marinade programs/marinade-finance/Cargo.tomlprograms/marinade-finance/Cargo.toml anchor-lang 0.27.0retrieved 2026-05-16

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol marinade factor RD-F-135 score green collected_at 2026-05-16 08:48:35