Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm @openzeppelin/contracts Security Advisories

Moderate

GSA_kwCzR0hTQS1nNHZwLW02ODItcXFtcM4AA1Qt

OpenZeppelin Contracts vulnerable to Improper Escaping of Output
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 4 months ago

Moderate

GSA_kwCzR0hTQS13cHJ2LTkzcjQtamoycM4AAz8m

OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 6 months ago

Moderate

GSA_kwCzR0hTQS01aDN4LTl3dnEtdzRtMs4AAzvg

OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunning
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 6 months ago

High

GSA_kwCzR0hTQS05M2hxLTV3Z2MtamM4Ms4AAy45

GovernorCompatibilityBravo may trim proposal calldata
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 8 months ago

Moderate

GSA_kwCzR0hTQS1teDJxLTM1bTIteDJyaM4AAy0V

OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 8 months ago

Moderate

GSA_kwCzR0hTQS04NzhtLTNnNnEtNTk0cc4AAx7E

OpenZeppelin Contracts contains Incorrect Calculation
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 9 months ago

High

GSA_kwCzR0hTQS00aDk4LTI3NjktZ2g2aM4AAuFk

OpenZeppelin Contracts vulnerable to ECDSA signature malleability
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: over 1 year ago

High

GSA_kwCzR0hTQS14cmM0LTczN3YtOXE3Nc4AAuFh

OpenZeppelin Contracts's GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS05ajNtLWczODMtMjlxcs4AAuAp

OpenZeppelin Contracts's Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS03Z3JmLTgzdnctNmY1eM4AAuAo

OpenZeppelin Contracts ERC165Checker unbounded gas consumption
Ecosystems: npm
Packages: openzeppelin-eth, @openzeppelin/contracts-upgradeable, openzeppelin-solidity, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: over 1 year ago

High

GSA_kwCzR0hTQS00ZzYzLWM2NG0tMjV3Oc4AAtkM

OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: over 1 year ago

High

GSA_kwCzR0hTQS1xaDl4LWdjZmgtcGNyd84AAtkL

OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: over 1 year ago

High

GSA_kwCzR0hTQS04OGc4LWY1bWYtZjVyas0o5A

Improper Initialization in OpenZeppelin
Ecosystems: npm
Packages: @openzeppelin/contracts
Source: GitHub Advisory Database
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1tNnc4LWZxN3YtcGg0bc0h8A

GovernorCompatibilityBravo incorrect ABI encoding may lead to unexpected behavior
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS05YzIyLXB3eHctcDZoeM0bQg

OpenZeppelin Contracts initializer reentrancy may lead to double initialization
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: almost 2 years ago

Low

GSA_kwCzR0hTQS13bXB2LWMyanAtajJ4Z80XOg

ERC1155Supply vulnerability in OpenZeppelin Contracts
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: about 2 years ago

Critical

GSA_kwCzR0hTQS01dnAzLXY0aGMtZ3g3Ns0VxA

UUPSUpgradeable vulnerability in @openzeppelin/contracts
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: about 2 years ago

Critical

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZnNDctM2MyeC1tMndy

TimelockController vulnerability in OpenZeppelin Contracts
Ecosystems: npm
Packages: @openzeppelin/contracts
Source: GitHub Advisory Database
Published: over 2 years ago

Filter by Severity

Moderate 6,458 High 5,578 Critical 2,464 Low 810

Filter by Ecosystem

maven 4,736 npm 3,386 pypi 3,111 packagist 2,555 go 1,511 nuget 1,316 rubygems 801 cargo 701 swift 31 hex 25 actions 11 pub 7

Filter by Package

parse-server 27 electron 26 @openzeppelin/contracts-upgradeable 19 @openzeppelin/contracts 18 sequelize 17 marked 16 swagger-ui 14 tinymce 13 handlebars 13 next 13 strapi 13 vm2 12 directus 12 ghost 11 nodebb 11 ckeditor4 11 angular 10 jquery-rails 10 jquery 10 next-auth 9 org.webjars.npm:jquery 9 validator 9 serve 9 systeminformation 8 url-parse 8 node-forge 8 urijs 8 matrix-js-sdk 8 steal 8 joplin 8 @strapi/strapi 8 npm 8 jQuery.UI.Combined 8 jquery-ui 8 org.webjars.npm:jquery-ui 8 jquery-ui-rails 8 jQuery 8 undici 8 editor.md 8 shescape 7 tar 7 nocodb 7 total.js 7 keystone 7 snyk-broker 7 hapi 7 jsrsasign 7 hermes-engine 7 bootstrap 7 TinyMCE 7 tinymce/tinymce 7 lodash 7 matrix-react-sdk 7 matrix-appservice-irc 6 express-cart 6 parse-url 6 safe-eval 6 aaptjs 6 @strapi/plugin-users-permissions 5 sweetalert2 5 generator-jhipster 5 qs 5 ua-parser-js 5 rendertron 5 dojo 5 ecstatic 5 dns-sync 5 safer-eval 5 moment 5 public 5 @sequelize/core 5 jsonwebtoken 5 lodash-es 5 total4 5 openpgp 5 prismjs 5 sanitize-html 5 aws-iot-device-sdk-v2 4 awsiotsdk 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 engine.io 4 rsshub 4 simple-git 4 glance 4 axios 4 hummus 4 yarn 4 muhammara 4 apostrophe 4 valine 4 apollo-server-core 4 dompurify 4 protobufjs 4 highcharts 4 is-my-json-valid 4 auth0-js 4 vditor 4 @keystone-6/core 4 xmldom 4 materialize-css 4 sails 4 ejs 4 passport-wsfed-saml2 4 realms-shim 4 mermaid 4 fastify 4 @backstage/plugin-scaffolder-backend 4 ws 4 xlsx 4 remarkable 4 vega 4 auth0-lock 4 simple-markdown 4 mongoose 4 postcss 3 llhttp 3 tough-cookie 3 @strapi/utils 3 snyk 3 xdLocalStorage 3 jwt-simple 3 mixme 3 static-eval 3 jspdf 3 nadesiko3 3 docsify 3 openmct 3 ftp-srv 3 jointjs 3 @frangoteam/fuxa 3 aedes 3 @hapi/subtext 3 subtext 3 node-fetch 3 bin-links 3 node-red-dashboard 3 loader-utils 3 ses 3 apollo-server 3 harp 3 immer 3 fuxa-server 3 socket.io-parser 3 node-opcua 3 hekto 3 object-path 3 mysql 3 @uppy/companion 3 json-pointer 3 minimist 3 slpjs 3 froala-editor 3 blamer 3 convert-svg-core 3 yapi-vendor 3 node-ipc 3 code-server 3 grunt 3 mathjs 3 notevil 3 send 3 feathers-sequelize 3 keycloak-connect 3 json-ptr 3 convict 3 mongo-express 3 org.webjars.npm:xlsx 3 @soketi/soketi 3 locutus 3 @backstage/techdocs-common 3 jquery-validation 3 codecov 3 bson 3 socket.io-file 3 @ckeditor/ckeditor5-markdown-gfm 3 n8n 3 uap-core 3 @commercial/subtext 3 parsel 3 express-fileupload 3 http-live-simulator 3 lodash.defaultsdeep 3 buttle 3 @materializecss/materialize 3 serialize-to-js 3 m-server 3 uptime-kuma 3 @vrite/sdk 3 slp-validate 3 dojox 3 connect 3 ids-enterprise 3 localhost-now 3 js-yaml 3 mxgraph 3 uglify-js 3 simplehttpserver 3 https-proxy-agent 3 fast-xml-parser 3 node-jose 3 raneto 3 @apollo/server 3 request 2 cli 2 mixin-deep 2 is-svg 2 matrix-appservice-bridge 2 merge-deep 2 fastify-static 2 detect-character-encoding 2 dijit 2 crypto-js 2 Moment.js 2 pullit 2 hawk 2 bootstrap 2 jQuery.Validation 2 @fastify/passport 2 lazysizes 2 node-rules 2 macaddress 2 http-proxy-agent 2 decal 2 waterline-sequel 2 merge 2 @claviska/jquery-minicolors 2 whereis 2 sshpk 2 jszip 2 @node-red/runtime 2 canvas 2 nunjucks 2 highlight.js 2 sockjs 2 electron-markdownify 2 async-git 2 multi-ini 2 braces 2 @hapi/hoek 2 lodash.merge 2 isolated-vm 2 saml2-js 2 yeoman-genrator 2 json-serializer 2 ibm_db 2 node-saml 2 quill 2 defaults-deep 2 loopback 2 converse.js 2 set-in 2 jodit 2 minimatch 2 flatmap-stream 2 angular-expressions 2 google-closure-library 2 jose-node-cjs-runtime 2 jose-node-esm-runtime 2 jose-browser-runtime 2 jose 2 papaparse 2 fs-path 2 knockout 2 moment-timezone 2 @actions/core 2 vite 2 constantinople 2 list-n-stream 2 node-simple-router 2 renovate 2 @builder.io/qwik 2 tomato 2 serve-lite 2 shell-quote 2 sharp 2 bootstrap-table 2 jquery 2 @vendure/core 2 bootbox 2 payload 2 node-static 2 @adobe/css-tools 2 deep-get-set 2 deap 2 @strapi/plugin-content-manager 2 fast-string-search 2 crud-file-server 2 dot 2 serialize-javascript 2 giting 2 @finastra/nestjs-proxy 2 querymen 2 jsuites 2 jpeg-js 2 set-value 2 @xmldom/xmldom 2 semver-regex 2 mout 2 ungit 2 html-janitor 2