Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm @openzeppelin/contracts-upgradeable Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1teDJxLTM1bTIteDJyaM4AAy0V
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05YzIyLXB3eHctcDZoeM0bQg
OpenZeppelin Contracts initializer reentrancy may lead to double initialization
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS01dnAzLXY0aGMtZ3g3Ns0VxA
UUPSUpgradeable vulnerability in @openzeppelin/contracts
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS05M2hxLTV3Z2MtamM4Ms4AAy45
GovernorCompatibilityBravo may trim proposal calldata
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05ajNtLWczODMtMjlxcs4AAuAp
OpenZeppelin Contracts's Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 10 months ago
High
GSA_kwCzR0hTQS00ZzYzLWM2NG0tMjV3Oc4AAtkM
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1tNnc4LWZxN3YtcGg0bc0h8A
GovernorCompatibilityBravo incorrect ABI encoding may lead to unexpected behavior
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS00aDk4LTI3NjktZ2g2aM4AAuFk
OpenZeppelin Contracts vulnerable to ECDSA signature malleability
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS03Z3JmLTgzdnctNmY1eM4AAuAo
OpenZeppelin Contracts ERC165Checker unbounded gas consumption
Ecosystems: npm
Packages: openzeppelin-eth, @openzeppelin/contracts-upgradeable, openzeppelin-solidity, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1xNGg5LTQ2eGctbTN4Oc0Vww
UUPSUpgradeable vulnerability in @openzeppelin/contracts-upgradeable
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable
Source: GitHub Advisory Database
Published: over 1 year ago
Low
GSA_kwCzR0hTQS03ajUyLTZmanAtNThncs0ynA
Inconsistent storage layout for ERC2771ContextUpgradeable
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04NzhtLTNnNnEtNTk0cc4AAx7E
OpenZeppelin Contracts contains Incorrect Calculation
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 3 months ago
Low
GSA_kwCzR0hTQS13bXB2LWMyanAtajJ4Z80XOg
ERC1155Supply vulnerability in OpenZeppelin Contracts
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS14cmM0LTczN3YtOXE3Nc4AAuFh
OpenZeppelin Contracts's GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 10 months ago
High
GSA_kwCzR0hTQS1xaDl4LWdjZmgtcGNyd84AAtkL
OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 11 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZydzQtdzczci02bW04
TimelockController vulnerability in OpenZeppelin Contracts
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable
Source: GitHub Advisory Database
Published: almost 2 years ago
Filter by Package
parse-server 24 electron 19 sequelize 17 @openzeppelin/contracts-upgradeable 16 marked 16 @openzeppelin/contracts 15 swagger-ui 14 strapi 14 handlebars 13 next 12 vm2 10 ghost 10 angular 10 ckeditor4 10 tinymce 10 directus 9 jquery 9 validator 9 serve 9 nodebb 8 url-parse 8 matrix-js-sdk 8 urijs 8 steal 8 jquery-ui 8 next-auth 8 npm 8 node-forge 8 editor.md 8 tar 7 total.js 7 systeminformation 7 jsrsasign 7 keystone 7 snyk-broker 7 hapi 7 bootstrap 7 hermes-engine 7 jQuery 7 undici 7 lodash 7 express-cart 6 parse-url 6 joplin 6 @strapi/strapi 6 safe-eval 6 aaptjs 6 matrix-react-sdk 6 shescape 5 ua-parser-js 5 rendertron 5 dojo 5 dns-sync 5 ecstatic 5 safer-eval 5 moment 5 qs 5 public 5 @sequelize/core 5 jsonwebtoken 5 lodash-es 5 prismjs 5 sanitize-html 5 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 awsiotsdk 4 aws-iot-device-sdk-v2 4 simple-git 4 rsshub 4 simple-markdown 4 glance 4 sweetalert2 4 engine.io 4 matrix-appservice-irc 4 yarn 4 hummus 4 muhammara 4 nocodb 4 apostrophe 4 generator-jhipster 4 valine 4 highcharts 4 is-my-json-valid 4 mermaid 4 auth0-js 4 vditor 4 xmldom 4 materialize-css 4 ejs 4 tinymce/tinymce 4 TinyMCE 4 realms-shim 4 fastify 4 xlsx 4 ws 4 openpgp 4 remarkable 4 vega 4 auth0-lock 4 xdLocalStorage 3 jwt-simple 3 @strapi/plugin-users-permissions 3 mixme 3 static-eval 3 nadesiko3 3 jspdf 3 bson 3 immer 3 jointjs 3 axios 3 ftp-srv 3 aedes 3 subtext 3 @hapi/subtext 3 bin-links 3 node-red-dashboard 3 node-fetch 3 mongoose 3 lodash.merge 3 apollo-server 3 harp 3 minimist 3 dompurify 3 node-opcua 3 apollo-server-core 3 raneto 3 protobufjs 3 hekto 3 object-path 3 jquery-validation 3 json-pointer 3 @uppy/companion 3 slpjs 3 froala-editor 3 convert-svg-core 3 yapi-vendor 3 node-ipc 3 grunt 3 code-server 3 mathjs 3 keycloak-connect 3 send 3 notevil 3 sails 3 feathers-sequelize 3 json-ptr 3 mongo-express 3 convict 3 @backstage/plugin-scaffolder-backend 3 socket.io-parser 3 loader-utils 3 org.webjars.npm:xlsx 3 simplehttpserver 3 socket.io-file 3 locutus 3 @backstage/techdocs-common 3 n8n 3 codecov 3 @ckeditor/ckeditor5-markdown-gfm 3 uap-core 3 @commercial/subtext 3 parsel 3 http-live-simulator 3 lodash.mergewith 3 lodash.defaultsdeep 3 buttle 3 serialize-to-js 3 m-server 3 slp-validate 3 dojox 3 https-proxy-agent 3 ids-enterprise 3 localhost-now 3 js-yaml 3 uglify-js 3 macaddress 2 node-rules 2 lazysizes 2 decal 2 http-proxy-agent 2 waterline-sequel 2 @claviska/jquery-minicolors 2 whereis 2 merge 2 fastify-static 2 canvas 2 sshpk 2 jsuites 2 docsify 2 @node-red/runtime 2 node-jose 2 nunjucks 2 sockjs 2 papaparse 2 highlight.js 2 electron-markdownify 2 async-git 2 multi-ini 2 request 2 braces 2 @hapi/hoek 2 isolated-vm 2 netmask 2 ses 2 saml2-js 2 yeoman-genrator 2 json-serializer 2 ibm_db 2 node-saml 2 quill 2 debug 2 snyk 2 set-in 2 loopback 2 defaults-deep 2 elliptic 2 eslint-config-eslint 2 @fastify/passport 2 flatmap-stream 2 angular-expressions 2 minimatch 2 dotty 2 fs-path 2 jose-node-esm-runtime 2 jose 2 jose-node-cjs-runtime 2 jose-browser-runtime 2 google-closure-library 2 knockout 2 moment-timezone 2 vite 2 @actions/core 2 constantinople 2 list-n-stream 2 tough-cookie 2 node-simple-router 2 renovate 2 @finastra/nestjs-proxy 2 mysql 2 @builder.io/qwik 2 tomato 2 jQuery.Validation 2 serialize-javascript 2 serve-lite 2 bootstrap-table 2 pullit 2 node-static 2 blamer 2 payload 2 deep-get-set 2 deap 2 detect-character-encoding 2 querymen 2 fast-string-search 2 crud-file-server 2 dot 2 set-value 2 giting 2 jpeg-js 2 semver-regex 2 ungit 2 mout 2 @keystone-6/core 2 @xmldom/xmldom 2 sds 2 shell-quote 2 fastify-csrf 2 node-sass 2 html-janitor 2 mapbox-rails 2 mapbox.js 2 @npmcli/arborist 2 jszip 2 ms 2 madlib-object-utils 2 express-openid-connect 2 css-what 2 passport-saml 2 bodymen 2 rgb2hex 2 libnested 2 acorn 2 connect 2 assign-deep 2 merge-deep 2 status-board 2 http-file-server 2 jquery-rails 2 typeorm 2 jquery.terminal 2 angular-http-server 2 @cubejs-backend/api-gateway 2 mqtt-packet 2 bootstrap-sass 2 bootstrap 2 st 2 i18next 2 mustache 2 ssri 2 http-proxy 2 express-fileupload 2