Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories

High

GSA_kwCzR0hTQS00aDk4LTI3NjktZ2g2aM4AAuFk

OpenZeppelin Contracts vulnerable to ECDSA signature malleability
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 6 months ago

High

GSA_kwCzR0hTQS14cmM0LTczN3YtOXE3Nc4AAuFh

OpenZeppelin Contracts's GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 6 months ago

Moderate

GSA_kwCzR0hTQS05ajNtLWczODMtMjlxcs4AAuAp

OpenZeppelin Contracts's Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 6 months ago

Moderate

GSA_kwCzR0hTQS03Z3JmLTgzdnctNmY1eM4AAuAo

OpenZeppelin Contracts ERC165Checker unbounded gas consumption
Ecosystems: npm
Packages: openzeppelin-eth, @openzeppelin/contracts-upgradeable, openzeppelin-solidity, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 6 months ago

High

GSA_kwCzR0hTQS00ZzYzLWM2NG0tMjV3Oc4AAtkM

OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 7 months ago

High

GSA_kwCzR0hTQS1xaDl4LWdjZmgtcGNyd84AAtkL

OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 7 months ago

High

GSA_kwCzR0hTQS04OGc4LWY1bWYtZjVyas0o5A

Improper Initialization in OpenZeppelin
Ecosystems: npm
Packages: @openzeppelin/contracts
Source: GitHub Advisory Database
Published: about 1 year ago

Moderate

GSA_kwCzR0hTQS1tNnc4LWZxN3YtcGg0bc0h8A

GovernorCompatibilityBravo incorrect ABI encoding may lead to unexpected behavior
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: about 1 year ago

Moderate

GSA_kwCzR0hTQS05YzIyLXB3eHctcDZoeM0bQg

OpenZeppelin Contracts initializer reentrancy may lead to double initialization
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: about 1 year ago

Low

GSA_kwCzR0hTQS13bXB2LWMyanAtajJ4Z80XOg

ERC1155Supply vulnerability in OpenZeppelin Contracts
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: about 1 year ago

Critical

GSA_kwCzR0hTQS01dnAzLXY0aGMtZ3g3Ns0VxA

UUPSUpgradeable vulnerability in @openzeppelin/contracts
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: over 1 year ago

Critical

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZnNDctM2MyeC1tMndy

TimelockController vulnerability in OpenZeppelin Contracts
Ecosystems: npm
Packages: @openzeppelin/contracts
Source: GitHub Advisory Database
Published: over 1 year ago

Filter by Severity

Moderate 4,475 High 4,156 Critical 1,894 Low 621

Filter by Ecosystem

maven 3,466 npm 2,960 pypi 2,374 packagist 1,397 go 942 nuget 901 rubygems 640 cargo 575 hex 21 actions 6 pub 4

Filter by Package

parse-server 23 electron 19 marked 16 swagger-ui 14 strapi 14 handlebars 13 @openzeppelin/contracts-upgradeable 13 @openzeppelin/contracts 12 sequelize 12 next 12 ckeditor4 10 tinymce 10 jquery 9 validator 9 serve 9 ghost 8 url-parse 8 nodebb 8 urijs 8 steal 8 jquery-ui 8 npm 8 node-forge 8 systeminformation 7 tar 7 total.js 7 jsrsasign 7 keystone 7 snyk-broker 7 next-auth 7 hapi 7 angular 7 hermes-engine 7 lodash 7 express-cart 6 parse-url 6 bootstrap 6 aaptjs 6 shescape 5 ua-parser-js 5 matrix-js-sdk 5 rendertron 5 dojo 5 joplin 5 ecstatic 5 safer-eval 5 dns-sync 5 @strapi/strapi 5 vm2 5 qs 5 moment 5 public 5 sanitize-html 5 jsonwebtoken 5 lodash-es 5 undici 5 editor.md 5 prismjs 5 aws-iot-device-sdk-v2 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 simple-git 4 auth0-js 4 sweetalert2 4 matrix-appservice-irc 4 muhammara 4 yarn 4 hummus 4 generator-jhipster 4 apostrophe 4 nocodb 4 valine 4 awsiotsdk 4 highcharts 4 is-my-json-valid 4 safe-eval 4 mermaid 4 directus 4 xmldom 4 materialize-css 4 ejs 4 tinymce/tinymce 4 TinyMCE 4 realms-shim 4 fastify 4 openpgp 4 ws 4 remarkable 4 auth0-lock 4 xdLocalStorage 3 jwt-simple 3 mixme 3 rsshub 3 static-eval 3 jspdf 3 nadesiko3 3 bson 3 jointjs 3 ftp-srv 3 engine.io 3 axios 3 loader-utils 3 node-red-dashboard 3 @hapi/subtext 3 subtext 3 bin-links 3 mongoose 3 lodash.merge 3 apollo-server 3 harp 3 immer 3 dompurify 3 node-opcua 3 raneto 3 apollo-server-core 3 hekto 3 https-proxy-agent 3 protobufjs 3 aedes 3 object-path 3 froala-editor 3 json-pointer 3 @uppy/companion 3 minimist 3 slpjs 3 yapi-vendor 3 convert-svg-core 3 jquery-validation 3 vditor 3 node-ipc 3 grunt 3 mathjs 3 node-fetch 3 send 3 notevil 3 sails 3 feathers-sequelize 3 json-ptr 3 @backstage/plugin-scaffolder-backend 3 convict 3 mongo-express 3 org.webjars.npm:xlsx 3 simplehttpserver 3 xlsx 3 locutus 3 @backstage/techdocs-common 3 codecov 3 matrix-react-sdk 3 socket.io-file 3 @ckeditor/ckeditor5-markdown-gfm 3 uap-core 3 glance 3 @commercial/subtext 3 parsel 3 http-live-simulator 3 lodash.defaultsdeep 3 lodash.mergewith 3 buttle 3 serialize-to-js 3 m-server 3 slp-validate 3 dojox 3 ids-enterprise 3 localhost-now 3 js-yaml 3 uglify-js 3 acorn 2 decal 2 macaddress 2 node-rules 2 lazysizes 2 google-closure-library 2 http-proxy-agent 2 waterline-sequel 2 sshpk 2 merge 2 whereis 2 @node-red/runtime 2 docsify 2 canvas 2 xmlhttprequest-ssl 2 highlight.js 2 sockjs 2 isolated-vm 2 electron-markdownify 2 jose-browser-runtime 2 async-git 2 multi-ini 2 braces 2 papaparse 2 @hapi/hoek 2 express-fileupload 2 st 2 tough-cookie 2 mustache 2 ssri 2 mqtt 2 @curveball/a12n-server 2 rollup-plugin-server 2 generator-jhipster-kotlin 2 aegir 2 statics-server 2 vp-toolkit 2 assign-deep 2 set-value 2 status-board 2 http-file-server 2 typeorm 2 jquery.terminal 2 @cubejs-backend/api-gateway 2 mqtt-packet 2 simple-markdown 2 bleach 2 jquery.json-viewer 2 takeapeek 2 node-red 2 node-sass 2 loopback-connector-mongodb 2 react 2 netmask 2 ses 2 yeoman-genrator 2 saml2-js 2 ibm_db 2 json-serializer 2 node-saml 2 quill 2 debug 2 snyk 2 fastify-static 2 css-what 2 loopback 2 set-in 2 defaults-deep 2 elliptic 2 flatmap-stream 2 eslint-config-eslint 2 angular-expressions 2 minimatch 2 dotty 2 jose 2 jose-node-cjs-runtime 2 jose-node-esm-runtime 2 fs-path 2 detect-character-encoding 2 moment-timezone 2 constantinople 2 @actions/core 2 knockout 2 list-n-stream 2 node-simple-router 2 renovate 2 mysql 2 tomato 2 deep-get-set 2 serve-lite 2 serialize-javascript 2 bootstrap-table 2 blamer 2 deap 2 eta 2 mout 2 dot 2 Moment.js 2 fastify-csrf 2 querymen 2 crud-file-server 2 fast-string-search 2 jsuites 2 @finastra/nestjs-proxy 2 jszip 2 jpeg-js 2 giting 2 shell-quote 2 semver-regex 2 ungit 2 socket.io 2 @xmldom/xmldom 2 @keystone-6/core 2 code-server 2 i18next 2 sds 2 mapbox.js 2 keycloak-connect 2 html-janitor 2 ms 2 madlib-object-utils 2 express-openid-connect 2 passport-saml 2 rgb2hex 2 libnested 2 bodymen 2 lodash-amd 2 swagger-ui-dist 2 shelljs 2 @finastra/ssr-pages 2 oauth2-server 2 reveal.js 2 karma 2 @strikeentco/set 2 bmoor 2