Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
npm @openzeppelin/contracts Security Advisories
Browse all Security Advisories for npm @openzeppelin/contracts
Loading...
Low
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
GSA_kwCzR0hTQS05dng2LTd4eGYteDk2N84AA5qR
OpenZeppelin Contracts base64 encoding may read from potentially dirty memoryEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 12 months ago
GSA_kwCzR0hTQS02OTlnLXE2cWgtcTR2OM4AA3q7
OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 12 months ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 1 year ago
GSA_kwCzR0hTQS1nNHZwLW02ODItcXFtcM4AA1Qt
OpenZeppelin Contracts vulnerable to Improper Escaping of OutputEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 1 year ago
GSA_kwCzR0hTQS13cHJ2LTkzcjQtamoycM4AAz8m
OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific treesEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 1 year ago
GSA_kwCzR0hTQS01aDN4LTl3dnEtdzRtMs4AAzvg
OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunningEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 1 year ago
High
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: over 1 year ago
GSA_kwCzR0hTQS05M2hxLTV3Z2MtamM4Ms4AAy45
GovernorCompatibilityBravo may trim proposal calldataEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 1 year ago
GSA_kwCzR0hTQS1teDJxLTM1bTIteDJyaM4AAy0V
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegatedEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: over 1 year ago
GSA_kwCzR0hTQS04NzhtLTNnNnEtNTk0cc4AAx7E
OpenZeppelin Contracts contains Incorrect CalculationEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: over 1 year ago
High
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: over 2 years ago
GSA_kwCzR0hTQS00aDk4LTI3NjktZ2g2aM4AAuFk
OpenZeppelin Contracts vulnerable to ECDSA signature malleabilityEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: over 2 years ago
High
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: over 2 years ago
GSA_kwCzR0hTQS14cmM0LTczN3YtOXE3Nc4AAuFh
OpenZeppelin Contracts's GovernorVotesQuorumFraction updates to quorum may affect past defeated proposalsEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: over 2 years ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 2 years ago
GSA_kwCzR0hTQS05ajNtLWczODMtMjlxcs4AAuAp
OpenZeppelin Contracts's Cross chain utilities for Arbitrum L2 see EOA calls as cross chain callsEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 2 years ago
Moderate
Ecosystems: npm
Packages: openzeppelin-eth, @openzeppelin/contracts-upgradeable, openzeppelin-solidity, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 2 years ago
GSA_kwCzR0hTQS03Z3JmLTgzdnctNmY1eM4AAuAo
OpenZeppelin Contracts ERC165Checker unbounded gas consumptionEcosystems: npm
Packages: openzeppelin-eth, @openzeppelin/contracts-upgradeable, openzeppelin-solidity, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 2 years ago
High
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: over 2 years ago
GSA_kwCzR0hTQS00ZzYzLWM2NG0tMjV3Oc4AAtkM
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signersEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: over 2 years ago
High
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: over 2 years ago
GSA_kwCzR0hTQS1xaDl4LWdjZmgtcGNyd84AAtkL
OpenZeppelin Contracts's ERC165Checker may revert instead of returning falseEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: over 2 years ago
High
Ecosystems: npm
Packages: @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: almost 3 years ago
GSA_kwCzR0hTQS04OGc4LWY1bWYtZjVyas0o5A
Improper Initialization in OpenZeppelinEcosystems: npm
Packages: @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: almost 3 years ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
GSA_kwCzR0hTQS1tNnc4LWZxN3YtcGg0bc0h8A
GovernorCompatibilityBravo incorrect ABI encoding may lead to unexpected behaviorEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: almost 3 years ago
GSA_kwCzR0hTQS05YzIyLXB3eHctcDZoeM0bQg
OpenZeppelin Contracts initializer reentrancy may lead to double initializationEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: almost 3 years ago
Low
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
GSA_kwCzR0hTQS13bXB2LWMyanAtajJ4Z80XOg
ERC1155Supply vulnerability in OpenZeppelin ContractsEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Critical
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: about 3 years ago
GSA_kwCzR0hTQS01dnAzLXY0aGMtZ3g3Ns0VxA
UUPSUpgradeable vulnerability in @openzeppelin/contractsEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: about 3 years ago
Critical
Ecosystems: npm
Packages: @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 45.4
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZnNDctM2MyeC1tMndy
TimelockController vulnerability in OpenZeppelin ContractsEcosystems: npm
Packages: @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 45.4
Published: about 3 years ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 1
Ecosystems: 12
Packages: 9,040
Repositories: 1
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
parse-server
31
electron
26
directus
26
@openzeppelin/contracts-upgradeable
21
@openzeppelin/contracts
20
next
18
sequelize
16
tinymce
16
ghost
15
ckeditor4
15
joplin
14
swagger-ui
14
strapi
13
undici
13
angular
13
vm2
12
nodebb
12
marked
11
bootstrap
11
matrix-js-sdk
11
tinymce/tinymce
11
TinyMCE
11
handlebars
11
flowise
10
nocodb
10
twbs/bootstrap
9
org.webjars:bootstrap
9
bootstrap
9
serve
9
bootstrap
9
@evershop/evershop
9
@strapi/strapi
9
matrix-react-sdk
9
next-auth
9
validator
8
express-cart
8
url-parse
8
jsrsasign
8
matrix-appservice-irc
8
node-forge
8
systeminformation
8
tar
8
steal
8
urijs
8
npm
8
jquery-rails
8
jquery
8
org.webjars.npm:jquery
8
editor.md
8
uptime-kuma
7
jquery-ui
7
jquery-ui-rails
7
org.webjars.npm:jquery-ui
7
jQuery.UI.Combined
7
lodash
7
total.js
7
hapi
7
shescape
7
hermes-engine
7
vite
7
bootstrap.sass
7
snyk-broker
7
elliptic
7
dompurify
7
bootstrap-sass
7
jQuery
7
sanitize-html
7
aaptjs
6
bootstrap-sass
6
rsshub
6
parse-url
6
safe-eval
6
@strapi/plugin-users-permissions
6
mysql2
5
prismjs
5
mermaid
5
public
5
axios
5
lodash-es
5
ejs
5
rendertron
5
ua-parser-js
5
vditor
5
openpgp
5
xlsx
5
yarn
5
lunary
5
sweetalert2
5
ws
5
mattermost-desktop
5
dojo
5
keystone
5
total4
5
mongoose
5
@saltcorn/server
5
generator-jhipster
4
auth0-js
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
ecstatic
4
fastify
4
fast-xml-parser
4
@lobehub/chat
4
aws-iot-device-sdk-v2
4
awsiotsdk
4
remarkable
4
realms-shim
4
apollo-server-core
4
convert-svg-core
4
follow-redirects
4
moment
4
mongo-express
4
@keystone-6/core
4
@backstage/plugin-scaffolder-backend
4
vega
4
hono
4
valine
4
glance
4
safer-eval
4
meshcentral
4
materialize-css
4
hummus
4
muhammara
4
simple-markdown
4
express
4
jsonwebtoken
4
engine.io
4
qs
4
auth0-lock
4
apostrophe
4
simple-git
4
katex
4
buttle
3
grunt
3
apollo-server
3
openmct
3
n8n
3
ses
3
nadesiko3
3
jquery-validation
3
highcharts
3
node-opcua
3
dns-sync
3
jspdf
3
layui
3
wrangler
3
ag-grid-community
3
json-pointer
3
fuxa-server
3
subtext
3
bin-links
3
statics-server
3
simplehttpserver
3
@directus/api
3
http-live-simulator
3
localhost-now
3
slpjs
3
convict
3
dset
3
node-jose
3
nuxt
3
bson
3
braces
3
node-fetch
3
serialize-to-js
3
dojox
3
raneto
3
slp-validate
3
code-server
3
js-yaml
3
passport-wsfed-saml2
3
@sequelize/core
3
@hapi/subtext
3
keycloak-connect
3
@apollo/server
3
lodash.defaultsdeep
3
protobufjs
3
socket.io
3
node-ipc
3
@cubejs-backend/api-gateway
3
notevil
3
sails
3
docsify
3
xdLocalStorage
3
m-server
3
mixme
3
django-tinymce
3
connect
3
libxmljs
3
froala-editor
3
uap-core
3
typeorm
3
@uppy/companion
3
yapi-vendor
3
@backstage/techdocs-common
3
nodemailer
3
@frangoteam/fuxa
3
org.webjars.npm:xlsx
3
node-red-dashboard
3
@strapi/utils
3
feathers-sequelize
3
Filter by Repository