Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm @openzeppelin/contracts-upgradeable Security Advisories

Browse all Security Advisories for npm @openzeppelin/contracts-upgradeable

Low

GSA_kwCzR0hTQS05dng2LTd4eGYteDk2N84AA5qR

OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago

Moderate

GSA_kwCzR0hTQS02OTlnLXE2cWgtcTR2OM4AA3q7

OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 12 months ago

Moderate

GSA_kwCzR0hTQS1nNHZwLW02ODItcXFtcM4AA1Qt

OpenZeppelin Contracts vulnerable to Improper Escaping of Output
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS13cHJ2LTkzcjQtamoycM4AAz8m

OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS01aDN4LTl3dnEtdzRtMs4AAzvg

OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunning
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 1 year ago

High

GSA_kwCzR0hTQS05M2hxLTV3Z2MtamM4Ms4AAy45

GovernorCompatibilityBravo may trim proposal calldata
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1teDJxLTM1bTIteDJyaM4AAy0V

OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS04NzhtLTNnNnEtNTk0cc4AAx7E

OpenZeppelin Contracts contains Incorrect Calculation
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: over 1 year ago

High

GSA_kwCzR0hTQS00aDk4LTI3NjktZ2g2aM4AAuFk

OpenZeppelin Contracts vulnerable to ECDSA signature malleability
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: over 2 years ago

High

GSA_kwCzR0hTQS14cmM0LTczN3YtOXE3Nc4AAuFh

OpenZeppelin Contracts's GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: over 2 years ago

Moderate

GSA_kwCzR0hTQS05ajNtLWczODMtMjlxcs4AAuAp

OpenZeppelin Contracts's Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 2 years ago

Moderate

GSA_kwCzR0hTQS03Z3JmLTgzdnctNmY1eM4AAuAo

OpenZeppelin Contracts ERC165Checker unbounded gas consumption
Ecosystems: npm
Packages: openzeppelin-eth, @openzeppelin/contracts-upgradeable, openzeppelin-solidity, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 2 years ago

High

Advisories: 20,668
Packages: 9,040
Repositories: 2
Ecosystems: 12

Filter by Severity

Moderate 8,836 High 7,269 Critical 3,070 Low 1,144

Filter by Ecosystem

maven 5,864 packagist 4,634 pypi 4,352 npm 3,812 go 2,295 nuget 1,552 cargo 882 rubygems 880 swift 33 hex 32 actions 20 pub 9

Filter by Package

parse-server 31 directus 26 electron 26 @openzeppelin/contracts-upgradeable 21 @openzeppelin/contracts 20 next 18 sequelize 16 tinymce 16 ghost 15 ckeditor4 15 joplin 14 swagger-ui 14 angular 13 undici 13 strapi 13 vm2 12 nodebb 12 bootstrap 11 marked 11 matrix-js-sdk 11 handlebars 11 TinyMCE 11 tinymce/tinymce 11 flowise 10 nocodb 10 next-auth 9 @strapi/strapi 9 serve 9 bootstrap 9 twbs/bootstrap 9 org.webjars:bootstrap 9 bootstrap 9 matrix-react-sdk 9 @evershop/evershop 9 matrix-appservice-irc 8 express-cart 8 steal 8 systeminformation 8 url-parse 8 node-forge 8 jsrsasign 8 editor.md 8 jquery 8 org.webjars.npm:jquery 8 npm 8 urijs 8 tar 8 jquery-rails 8 validator 8 hermes-engine 7 jQuery.UI.Combined 7 elliptic 7 org.webjars.npm:jquery-ui 7 jquery-ui-rails 7 jquery-ui 7 hapi 7 jQuery 7 uptime-kuma 7 snyk-broker 7 shescape 7 vite 7 dompurify 7 lodash 7 bootstrap.sass 7 sanitize-html 7 total.js 7 bootstrap-sass 7 rsshub 6 parse-url 6 safe-eval 6 @strapi/plugin-users-permissions 6 aaptjs 6 bootstrap-sass 6 xlsx 5 ws 5 axios 5 keystone 5 prismjs 5 mattermost-desktop 5 mermaid 5 vditor 5 yarn 5 mysql2 5 public 5 ua-parser-js 5 lunary 5 rendertron 5 sweetalert2 5 ejs 5 @saltcorn/server 5 openpgp 5 mongoose 5 dojo 5 lodash-es 5 total4 5 engine.io 4 mongo-express 4 awsiotsdk 4 apostrophe 4 fastify 4 moment 4 auth0-js 4 ecstatic 4 qs 4 convert-svg-core 4 simple-git 4 safer-eval 4 auth0-lock 4 hono 4 vega 4 hummus 4 apollo-server-core 4 express 4 glance 4 muhammara 4 materialize-css 4 simple-markdown 4 @keystone-6/core 4 katex 4 jsonwebtoken 4 meshcentral 4 fast-xml-parser 4 generator-jhipster 4 valine 4 realms-shim 4 @backstage/plugin-scaffolder-backend 4 follow-redirects 4 remarkable 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 aws-iot-device-sdk-v2 4 @lobehub/chat 4 blamer 3 llhttp 3 @backstage/techdocs-common 3 froala-editor 3 convict 3 uap-core 3 apollo-server 3 node-jose 3 n8n 3 highcharts 3 stimulsoft-dashboards-js 3 django-tinymce 3 snyk 3 wrangler 3 @vrite/sdk 3 slp-validate 3 @strapi/utils 3 slpjs 3 typeorm 3 dset 3 nadesiko3 3 immer 3 raneto 3 lodash.defaultsdeep 3 buttle 3 code-server 3 ses 3 layui 3 @uppy/companion 3 grunt 3 fuxa-server 3 jointjs 3 localhost-now 3 json-pointer 3 @materializecss/materialize 3 node-opcua 3 socket.io 3 browserify-shim 3 keycloak-connect 3 ids-enterprise 3 jspdf 3 @strapi/plugin-content-manager 3 renovate 3 express-fileupload 3 js-yaml 3 xmldom 3 postcss 3 mxgraph 3 mixme 3 @sveltejs/kit 3 @hapi/subtext 3 sails 3 jose-node-esm-runtime 3 org.webjars.npm:xlsx 3 m-server 3 jose-node-cjs-runtime 3 jquery-validation 3 ag-grid-community 3 bin-links 3 openmct 3 send 3 libxmljs 3 nuxt 3 @cubejs-backend/api-gateway 3 node-ipc 3 @builder.io/qwik 3 tough-cookie 3 feathers-sequelize 3 socket.io-file 3

Filter by Repository

https://github.com/OpenZeppelin/openzeppelin-contracts 18 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 3

Ecosyste.ms: Advisories

npm @openzeppelin/contracts-upgradeable Security Advisories

GSA_kwCzR0hTQS05dng2LTd4eGYteDk2N84AA5qR

GSA_kwCzR0hTQS02OTlnLXE2cWgtcTR2OM4AA3q7

GSA_kwCzR0hTQS1nNHZwLW02ODItcXFtcM4AA1Qt

GSA_kwCzR0hTQS13cHJ2LTkzcjQtamoycM4AAz8m

GSA_kwCzR0hTQS01aDN4LTl3dnEtdzRtMs4AAzvg

GSA_kwCzR0hTQS05M2hxLTV3Z2MtamM4Ms4AAy45

GSA_kwCzR0hTQS1teDJxLTM1bTIteDJyaM4AAy0V

GSA_kwCzR0hTQS04NzhtLTNnNnEtNTk0cc4AAx7E

GSA_kwCzR0hTQS00aDk4LTI3NjktZ2g2aM4AAuFk

GSA_kwCzR0hTQS14cmM0LTczN3YtOXE3Nc4AAuFh

GSA_kwCzR0hTQS05ajNtLWczODMtMjlxcs4AAuAp

GSA_kwCzR0hTQS03Z3JmLTgzdnctNmY1eM4AAuAo

GSA_kwCzR0hTQS00ZzYzLWM2NG0tMjV3Oc4AAtkM

GSA_kwCzR0hTQS1xaDl4LWdjZmgtcGNyd84AAtkL

GSA_kwCzR0hTQS03ajUyLTZmanAtNThncs0ynA

GSA_kwCzR0hTQS1tNnc4LWZxN3YtcGg0bc0h8A

GSA_kwCzR0hTQS05YzIyLXB3eHctcDZoeM0bQg

GSA_kwCzR0hTQS13bXB2LWMyanAtajJ4Z80XOg

GSA_kwCzR0hTQS01dnAzLXY0aGMtZ3g3Ns0VxA

GSA_kwCzR0hTQS1xNGg5LTQ2eGctbTN4Oc0Vww

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZydzQtdzczci02bW04