Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
npm @openzeppelin/contracts-upgradeable Security Advisories
Loading...
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS1teDJxLTM1bTIteDJyaM4AAy0V
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegatedEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS05YzIyLXB3eHctcDZoeM0bQg
OpenZeppelin Contracts initializer reentrancy may lead to double initializationEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS01dnAzLXY0aGMtZ3g3Ns0VxA
UUPSUpgradeable vulnerability in @openzeppelin/contractsEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: over 1 year ago
High
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS05M2hxLTV3Z2MtamM4Ms4AAy45
GovernorCompatibilityBravo may trim proposal calldataEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 10 months ago
GSA_kwCzR0hTQS05ajNtLWczODMtMjlxcs4AAuAp
OpenZeppelin Contracts's Cross chain utilities for Arbitrum L2 see EOA calls as cross chain callsEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 10 months ago
High
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS00ZzYzLWM2NG0tMjV3Oc4AAtkM
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signersEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 11 months ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS1tNnc4LWZxN3YtcGg0bc0h8A
GovernorCompatibilityBravo incorrect ABI encoding may lead to unexpected behaviorEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: over 1 year ago
High
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 10 months ago
GSA_kwCzR0hTQS00aDk4LTI3NjktZ2g2aM4AAuFk
OpenZeppelin Contracts vulnerable to ECDSA signature malleabilityEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 10 months ago
Moderate
Ecosystems: npm
Packages: openzeppelin-eth, @openzeppelin/contracts-upgradeable, openzeppelin-solidity, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 10 months ago
GSA_kwCzR0hTQS03Z3JmLTgzdnctNmY1eM4AAuAo
OpenZeppelin Contracts ERC165Checker unbounded gas consumptionEcosystems: npm
Packages: openzeppelin-eth, @openzeppelin/contracts-upgradeable, openzeppelin-solidity, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 10 months ago
Critical
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS1xNGg5LTQ2eGctbTN4Oc0Vww
UUPSUpgradeable vulnerability in @openzeppelin/contracts-upgradeableEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable
Source: GitHub Advisory Database
Published: over 1 year ago
Low
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable
Source: GitHub Advisory Database
Published: about 1 year ago
GSA_kwCzR0hTQS03ajUyLTZmanAtNThncs0ynA
Inconsistent storage layout for ERC2771ContextUpgradeableEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS04NzhtLTNnNnEtNTk0cc4AAx7E
OpenZeppelin Contracts contains Incorrect CalculationEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 3 months ago
Low
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: over 1 year ago
GSA_kwCzR0hTQS13bXB2LWMyanAtajJ4Z80XOg
ERC1155Supply vulnerability in OpenZeppelin ContractsEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: over 1 year ago
High
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 10 months ago
GSA_kwCzR0hTQS14cmM0LTczN3YtOXE3Nc4AAuFh
OpenZeppelin Contracts's GovernorVotesQuorumFraction updates to quorum may affect past defeated proposalsEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 10 months ago
High
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 11 months ago
GSA_kwCzR0hTQS1xaDl4LWdjZmgtcGNyd84AAtkL
OpenZeppelin Contracts's ERC165Checker may revert instead of returning falseEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 11 months ago
Critical
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable
Source: GitHub Advisory Database
Published: almost 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZydzQtdzczci02bW04
TimelockController vulnerability in OpenZeppelin ContractsEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable
Source: GitHub Advisory Database
Published: almost 2 years ago
Filter by Severity
Filter by Ecosystem
Filter by Package
parse-server
24
electron
19
sequelize
17
@openzeppelin/contracts-upgradeable
16
marked
16
@openzeppelin/contracts
15
swagger-ui
14
strapi
14
handlebars
13
next
12
vm2
10
ghost
10
angular
10
ckeditor4
10
tinymce
10
directus
9
jquery
9
validator
9
serve
9
nodebb
8
url-parse
8
matrix-js-sdk
8
urijs
8
steal
8
jquery-ui
8
next-auth
8
npm
8
node-forge
8
editor.md
8
tar
7
total.js
7
systeminformation
7
jsrsasign
7
keystone
7
snyk-broker
7
hapi
7
bootstrap
7
hermes-engine
7
jQuery
7
undici
7
lodash
7
express-cart
6
parse-url
6
joplin
6
@strapi/strapi
6
safe-eval
6
aaptjs
6
matrix-react-sdk
6
shescape
5
ua-parser-js
5
rendertron
5
dojo
5
dns-sync
5
ecstatic
5
safer-eval
5
moment
5
qs
5
public
5
@sequelize/core
5
jsonwebtoken
5
lodash-es
5
prismjs
5
sanitize-html
5
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
awsiotsdk
4
aws-iot-device-sdk-v2
4
simple-git
4
rsshub
4
simple-markdown
4
glance
4
sweetalert2
4
engine.io
4
matrix-appservice-irc
4
yarn
4
hummus
4
muhammara
4
nocodb
4
apostrophe
4
generator-jhipster
4
valine
4
highcharts
4
is-my-json-valid
4
mermaid
4
auth0-js
4
vditor
4
xmldom
4
materialize-css
4
ejs
4
tinymce/tinymce
4
TinyMCE
4
realms-shim
4
fastify
4
xlsx
4
ws
4
openpgp
4
remarkable
4
vega
4
auth0-lock
4
xdLocalStorage
3
jwt-simple
3
@strapi/plugin-users-permissions
3
mixme
3
static-eval
3
nadesiko3
3
jspdf
3
bson
3
immer
3
jointjs
3
axios
3
ftp-srv
3
aedes
3
subtext
3
@hapi/subtext
3
bin-links
3
node-red-dashboard
3
node-fetch
3
mongoose
3
lodash.merge
3
apollo-server
3
harp
3
minimist
3
dompurify
3
node-opcua
3
apollo-server-core
3
raneto
3
protobufjs
3
hekto
3
object-path
3
jquery-validation
3
json-pointer
3
@uppy/companion
3
slpjs
3
froala-editor
3
convert-svg-core
3
yapi-vendor
3
node-ipc
3
grunt
3
code-server
3
mathjs
3
keycloak-connect
3
send
3
notevil
3
sails
3
feathers-sequelize
3
json-ptr
3
mongo-express
3
convict
3
@backstage/plugin-scaffolder-backend
3
socket.io-parser
3
loader-utils
3
org.webjars.npm:xlsx
3
simplehttpserver
3
socket.io-file
3
locutus
3
@backstage/techdocs-common
3
n8n
3
codecov
3
@ckeditor/ckeditor5-markdown-gfm
3
uap-core
3
@commercial/subtext
3
parsel
3
http-live-simulator
3
lodash.mergewith
3
lodash.defaultsdeep
3
buttle
3
serialize-to-js
3
m-server
3
slp-validate
3
dojox
3
https-proxy-agent
3
ids-enterprise
3
localhost-now
3
js-yaml
3
uglify-js
3
macaddress
2
node-rules
2
lazysizes
2
decal
2
http-proxy-agent
2
waterline-sequel
2
@claviska/jquery-minicolors
2
whereis
2
merge
2
fastify-static
2
canvas
2
sshpk
2
jsuites
2
docsify
2
@node-red/runtime
2
node-jose
2
nunjucks
2
sockjs
2
papaparse
2
highlight.js
2
electron-markdownify
2
async-git
2
multi-ini
2
request
2
braces
2
@hapi/hoek
2
isolated-vm
2
netmask
2
ses
2
saml2-js
2
yeoman-genrator
2
json-serializer
2
ibm_db
2
node-saml
2
quill
2
debug
2
snyk
2
set-in
2
loopback
2
defaults-deep
2
elliptic
2
eslint-config-eslint
2
@fastify/passport
2
flatmap-stream
2
angular-expressions
2
minimatch
2
dotty
2
fs-path
2
jose-node-esm-runtime
2
jose
2
jose-node-cjs-runtime
2
jose-browser-runtime
2
google-closure-library
2
knockout
2
moment-timezone
2
vite
2
@actions/core
2
constantinople
2
list-n-stream
2
tough-cookie
2
node-simple-router
2
renovate
2
@finastra/nestjs-proxy
2
mysql
2
@builder.io/qwik
2
tomato
2
jQuery.Validation
2
serialize-javascript
2
serve-lite
2
bootstrap-table
2
pullit
2
node-static
2
blamer
2
payload
2
deep-get-set
2
deap
2
detect-character-encoding
2
querymen
2
fast-string-search
2
crud-file-server
2
dot
2
set-value
2
giting
2
jpeg-js
2
semver-regex
2
ungit
2
mout
2
@keystone-6/core
2
@xmldom/xmldom
2
sds
2
shell-quote
2
fastify-csrf
2
node-sass
2
html-janitor
2
mapbox-rails
2
mapbox.js
2
@npmcli/arborist
2
jszip
2
ms
2
madlib-object-utils
2
express-openid-connect
2
css-what
2
passport-saml
2
bodymen
2
rgb2hex
2
libnested
2
acorn
2
connect
2
assign-deep
2
merge-deep
2
status-board
2
http-file-server
2
jquery-rails
2
typeorm
2
jquery.terminal
2
angular-http-server
2
@cubejs-backend/api-gateway
2
mqtt-packet
2
bootstrap-sass
2
bootstrap
2
st
2
i18next
2
mustache
2
ssri
2
http-proxy
2
express-fileupload
2