Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
npm @openzeppelin/contracts-upgradeable Security Advisories
Loading...
Low
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS05dng2LTd4eGYteDk2N84AA5qR
OpenZeppelin Contracts base64 encoding may read from potentially dirty memoryEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 4 months ago
GSA_kwCzR0hTQS02OTlnLXE2cWgtcTR2OM4AA3q7
OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 4 months ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 8 months ago
GSA_kwCzR0hTQS1nNHZwLW02ODItcXFtcM4AA1Qt
OpenZeppelin Contracts vulnerable to Improper Escaping of OutputEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 8 months ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 10 months ago
GSA_kwCzR0hTQS13cHJ2LTkzcjQtamoycM4AAz8m
OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific treesEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 10 months ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 11 months ago
GSA_kwCzR0hTQS01aDN4LTl3dnEtdzRtMs4AAzvg
OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunningEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 11 months ago
High
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 12 months ago
GSA_kwCzR0hTQS05M2hxLTV3Z2MtamM4Ms4AAy45
GovernorCompatibilityBravo may trim proposal calldataEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 12 months ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: about 1 year ago
GSA_kwCzR0hTQS1teDJxLTM1bTIteDJyaM4AAy0V
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegatedEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: about 1 year ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: about 1 year ago
GSA_kwCzR0hTQS04NzhtLTNnNnEtNTk0cc4AAx7E
OpenZeppelin Contracts contains Incorrect CalculationEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: about 1 year ago
High
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: over 1 year ago
GSA_kwCzR0hTQS00aDk4LTI3NjktZ2g2aM4AAuFk
OpenZeppelin Contracts vulnerable to ECDSA signature malleabilityEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: over 1 year ago
High
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: over 1 year ago
GSA_kwCzR0hTQS14cmM0LTczN3YtOXE3Nc4AAuFh
OpenZeppelin Contracts's GovernorVotesQuorumFraction updates to quorum may affect past defeated proposalsEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 1 year ago
GSA_kwCzR0hTQS05ajNtLWczODMtMjlxcs4AAuAp
OpenZeppelin Contracts's Cross chain utilities for Arbitrum L2 see EOA calls as cross chain callsEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: openzeppelin-eth, @openzeppelin/contracts-upgradeable, openzeppelin-solidity, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 1 year ago
GSA_kwCzR0hTQS03Z3JmLTgzdnctNmY1eM4AAuAo
OpenZeppelin Contracts ERC165Checker unbounded gas consumptionEcosystems: npm
Packages: openzeppelin-eth, @openzeppelin/contracts-upgradeable, openzeppelin-solidity, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 1 year ago
High
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: over 1 year ago
GSA_kwCzR0hTQS00ZzYzLWM2NG0tMjV3Oc4AAtkM
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signersEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: over 1 year ago
High
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: over 1 year ago
GSA_kwCzR0hTQS1xaDl4LWdjZmgtcGNyd84AAtkL
OpenZeppelin Contracts's ERC165Checker may revert instead of returning falseEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: over 1 year ago
Low
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
GSA_kwCzR0hTQS03ajUyLTZmanAtNThncs0ynA
Inconsistent storage layout for ERC2771ContextUpgradeableEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
GSA_kwCzR0hTQS1tNnc4LWZxN3YtcGg0bc0h8A
GovernorCompatibilityBravo incorrect ABI encoding may lead to unexpected behaviorEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: over 2 years ago
GSA_kwCzR0hTQS05YzIyLXB3eHctcDZoeM0bQg
OpenZeppelin Contracts initializer reentrancy may lead to double initializationEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: over 2 years ago
Low
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
GSA_kwCzR0hTQS13bXB2LWMyanAtajJ4Z80XOg
ERC1155Supply vulnerability in OpenZeppelin ContractsEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: over 2 years ago
GSA_kwCzR0hTQS01dnAzLXY0aGMtZ3g3Ns0VxA
UUPSUpgradeable vulnerability in @openzeppelin/contractsEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: over 2 years ago
Critical
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
GSA_kwCzR0hTQS1xNGg5LTQ2eGctbTN4Oc0Vww
UUPSUpgradeable vulnerability in @openzeppelin/contracts-upgradeableEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZydzQtdzczci02bW04
TimelockController vulnerability in OpenZeppelin ContractsEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: over 2 years ago
Statistics
Advisories: 17,465
Packages: 8,120
Repositories: 2
Ecosystems: 12
Packages: 8,120
Repositories: 2
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
parse-server
29
electron
26
@openzeppelin/contracts-upgradeable
21
@openzeppelin/contracts
20
directus
16
sequelize
16
swagger-ui
14
tinymce
14
strapi
13
ghost
13
ckeditor4
13
next
13
undici
12
vm2
12
marked
11
angular
11
handlebars
11
nodebb
11
tinymce/tinymce
9
TinyMCE
9
@evershop/evershop
9
org.webjars.npm:jquery
9
serve
9
jquery-rails
9
next-auth
9
jquery
9
tar
8
urijs
8
steal
8
joplin
8
@strapi/strapi
8
validator
8
jQuery
8
jsrsasign
8
url-parse
8
bootstrap
8
editor.md
8
matrix-js-sdk
8
systeminformation
8
express-cart
8
npm
8
node-forge
8
snyk-broker
7
matrix-appservice-irc
7
jquery-ui
7
hermes-engine
7
total.js
7
jquery-ui-rails
7
org.webjars.npm:jquery-ui
7
jQuery.UI.Combined
7
matrix-react-sdk
7
lodash
7
nocodb
7
hapi
7
shescape
7
aaptjs
6
parse-url
6
sanitize-html
6
safe-eval
6
rsshub
6
dojo
5
vite
5
prismjs
5
openpgp
5
public
5
yarn
5
lodash-es
5
keystone
5
sweetalert2
5
total4
5
ua-parser-js
5
@strapi/plugin-users-permissions
5
rendertron
5
xlsx
5
moment
4
engine.io
4
dompurify
4
@keystone-6/core
4
realms-shim
4
apostrophe
4
vega
4
vditor
4
mongo-express
4
safer-eval
4
simple-git
4
jsonwebtoken
4
katex
4
mongoose
4
follow-redirects
4
fastify
4
ecstatic
4
generator-jhipster
4
hummus
4
muhammara
4
ws
4
auth0-js
4
glance
4
apollo-server-core
4
remarkable
4
qs
4
simple-markdown
4
meshcentral
4
auth0-lock
4
mermaid
4
valine
4
ejs
4
awsiotsdk
4
aws-iot-device-sdk-v2
4
uptime-kuma
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
@backstage/plugin-scaffolder-backend
4
axios
4
materialize-css
4
n8n
3
org.webjars.npm:xlsx
3
froala-editor
3
jointjs
3
socket.io-file
3
slpjs
3
passport-wsfed-saml2
3
dns-sync
3
highcharts
3
connect
3
fast-xml-parser
3
jose
3
codecov
3
node-red-dashboard
3
ses
3
mixme
3
feathers-sequelize
3
notevil
3
tough-cookie
3
convert-svg-core
3
localhost-now
3
jspdf
3
xmldom
3
m-server
3
keycloak-connect
3
code-server
3
node-jose
3
@strapi/utils
3
@cubejs-backend/api-gateway
3
nodemailer
3
mathjs
3
@backstage/techdocs-common
3
slp-validate
3
node-opcua
3
postcss
3
socket.io-parser
3
apollo-server
3
node-ipc
3
jquery-validation
3
raneto
3
@ckeditor/ckeditor5-markdown-gfm
3
bootstrap
3
js-yaml
3
loader-utils
3
blamer
3
grunt
3
object-path
3
ftp-srv
3
protobufjs
3
@frangoteam/fuxa
3
yapi-vendor
3
immer
3
http-live-simulator
3
uap-core
3
wrangler
3
mysql
3
nadesiko3
3
docsify
3
dojox
3
simplehttpserver
3
parsel
3
@uppy/companion
3
convict
3
fuxa-server
3
mxgraph
3
node-fetch
3
stimulsoft-dashboards-js
3
express-fileupload
3
xdLocalStorage
3
@apollo/server
3
llhttp
3
json-pointer
3
@hapi/subtext
3
serialize-to-js
3
buttle
3
typeorm
3
lodash.defaultsdeep
3
mysql2
3
@vrite/sdk
3
@commercial/subtext
3
json-ptr
3
@sveltejs/kit
3
snyk
3
ids-enterprise
3
@materializecss/materialize
3
@soketi/soketi
3
sails
3