Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm @openzeppelin/contracts Security Advisories

Loading...
Low
GSA_kwCzR0hTQS05dng2LTd4eGYteDk2N84AA5qR
OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS02OTlnLXE2cWgtcTR2OM4AA3q7
OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1nNHZwLW02ODItcXFtcM4AA1Qt
OpenZeppelin Contracts vulnerable to Improper Escaping of Output
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS13cHJ2LTkzcjQtamoycM4AAz8m
OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01aDN4LTl3dnEtdzRtMs4AAzvg
OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunning
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: about 1 year ago
High
GSA_kwCzR0hTQS05M2hxLTV3Z2MtamM4Ms4AAy45
GovernorCompatibilityBravo may trim proposal calldata
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1teDJxLTM1bTIteDJyaM4AAy0V
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04NzhtLTNnNnEtNTk0cc4AAx7E
OpenZeppelin Contracts contains Incorrect Calculation
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS00aDk4LTI3NjktZ2g2aM4AAuFk
OpenZeppelin Contracts vulnerable to ECDSA signature malleability
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14cmM0LTczN3YtOXE3Nc4AAuFh
OpenZeppelin Contracts's GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05ajNtLWczODMtMjlxcs4AAuAp
OpenZeppelin Contracts's Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03Z3JmLTgzdnctNmY1eM4AAuAo
OpenZeppelin Contracts ERC165Checker unbounded gas consumption
Ecosystems: npm
Packages: openzeppelin-eth, @openzeppelin/contracts-upgradeable, openzeppelin-solidity, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00ZzYzLWM2NG0tMjV3Oc4AAtkM
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xaDl4LWdjZmgtcGNyd84AAtkL
OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04OGc4LWY1bWYtZjVyas0o5A
Improper Initialization in OpenZeppelin
Ecosystems: npm
Packages: @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tNnc4LWZxN3YtcGg0bc0h8A
GovernorCompatibilityBravo incorrect ABI encoding may lead to unexpected behavior
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05YzIyLXB3eHctcDZoeM0bQg
OpenZeppelin Contracts initializer reentrancy may lead to double initialization
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: over 2 years ago
Low
GSA_kwCzR0hTQS13bXB2LWMyanAtajJ4Z80XOg
ERC1155Supply vulnerability in OpenZeppelin Contracts
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS01dnAzLXY0aGMtZ3g3Ns0VxA
UUPSUpgradeable vulnerability in @openzeppelin/contracts
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZnNDctM2MyeC1tMndy
TimelockController vulnerability in OpenZeppelin Contracts
Ecosystems: npm
Packages: @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 45.4
Published: almost 3 years ago
Statistics
Advisories: 19,517
Packages: 8,615
Repositories: 1
Ecosystems: 12
Filter by Package
parse-server 30 electron 26 directus 21 @openzeppelin/contracts-upgradeable 21 @openzeppelin/contracts 20 tinymce 16 next 16 sequelize 16 swagger-ui 14 ghost 14 strapi 13 undici 13 joplin 13 ckeditor4 13 vm2 12 nodebb 11 handlebars 11 angular 11 TinyMCE 11 marked 11 tinymce/tinymce 11 nocodb 10 serve 9 next-auth 9 @evershop/evershop 9 @strapi/strapi 8 editor.md 8 matrix-appservice-irc 8 tar 8 steal 8 url-parse 8 npm 8 validator 8 node-forge 8 matrix-js-sdk 8 org.webjars.npm:jquery 8 jquery-rails 8 jquery 8 express-cart 8 systeminformation 8 bootstrap 8 jsrsasign 8 urijs 8 total.js 7 hermes-engine 7 lodash 7 hapi 7 jQuery.UI.Combined 7 org.webjars.npm:jquery-ui 7 jquery-ui-rails 7 jquery-ui 7 matrix-react-sdk 7 jQuery 7 shescape 7 uptime-kuma 7 sanitize-html 7 snyk-broker 7 rsshub 6 parse-url 6 @strapi/plugin-users-permissions 6 aaptjs 6 safe-eval 6 dojo 5 openpgp 5 vite 5 prismjs 5 public 5 mongoose 5 ua-parser-js 5 keystone 5 yarn 5 xlsx 5 ws 5 lodash-es 5 sweetalert2 5 rendertron 5 vditor 5 total4 5 ejs 5 mysql2 5 safer-eval 4 auth0-lock 4 glance 4 jsonwebtoken 4 auth0-js 4 mermaid 4 valine 4 hummus 4 muhammara 4 ecstatic 4 @keystone-6/core 4 generator-jhipster 4 simple-git 4 vega 4 mongo-express 4 apostrophe 4 dompurify 4 moment 4 follow-redirects 4 remarkable 4 materialize-css 4 simple-markdown 4 @backstage/plugin-scaffolder-backend 4 meshcentral 4 qs 4 apollo-server-core 4 axios 4 katex 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 aws-iot-device-sdk-v2 4 engine.io 4 convert-svg-core 4 fastify 4 realms-shim 4 awsiotsdk 4 feathers-sequelize 3 wrangler 3 ftp-srv 3 postcss 3 buttle 3 jspdf 3 apollo-server 3 socket.io-parser 3 @vrite/sdk 3 org.webjars.npm:xlsx 3 jointjs 3 ag-grid-community 3 slp-validate 3 json-ptr 3 yapi-vendor 3 @frangoteam/fuxa 3 codecov 3 ids-enterprise 3 @materializecss/materialize 3 notevil 3 locutus 3 ses 3 n8n 3 @soketi/soketi 3 @strapi/utils 3 mathjs 3 keycloak-connect 3 node-ipc 3 socket.io 3 uap-core 3 http-live-simulator 3 @commercial/subtext 3 xmldom 3 protobufjs 3 nodemailer 3 object-path 3 m-server 3 loader-utils 3 js-yaml 3 node-jose 3 @sveltejs/kit 3 lodash.defaultsdeep 3 mysql 3 @cubejs-backend/api-gateway 3 grunt 3 dns-sync 3 @backstage/techdocs-common 3 tough-cookie 3 django-tinymce 3 code-server 3 @lobehub/chat 3 snyk 3 jquery-validation 3 node-opcua 3 mixme 3 @strapi/plugin-content-manager 3 bin-links 3 typeorm 3 xdLocalStorage 3 openmct 3 browserify-shim 3 blamer 3 stimulsoft-dashboards-js 3 subtext 3 node-fetch 3 convict 3 @hapi/subtext 3 sails 3 bootstrap 3 llhttp 3 statics-server 3 fuxa-server 3 slpjs 3 @ckeditor/ckeditor5-markdown-gfm 3 nadesiko3 3 froala-editor 3 dojox 3 docsify 3 braces 3 socket.io-file 3 mxgraph 3 express-fileupload 3 jose 3 @sequelize/core 3 renovate 3