Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm

@openzeppelin/contracts-upgradeable

npm

Secure Smart Contract library for Solidity

View on github.com · View on npmjs.org

Security Advisories for @openzeppelin/contracts-upgradeable in npm

Moderate
3 months ago

OpenZeppelin Contracts Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers GSA_kwCzR0hTQS05cmN3LWMyZjktMmo1Nc4ABKP_

npm @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Low
over 1 year ago

OpenZeppelin Contracts base64 encoding may read from potentially dirty memory GSA_kwCzR0hTQS05dng2LTd4eGYteDk2N84AA5qR

npm @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Moderate
almost 2 years ago

OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4 GSA_kwCzR0hTQS02OTlnLXE2cWgtcTR2OM4AA3q7

npm @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Moderate
about 2 years ago

OpenZeppelin Contracts vulnerable to Improper Escaping of Output GSA_kwCzR0hTQS1nNHZwLW02ODItcXFtcM4AA1Qt

npm @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Moderate
over 2 years ago

OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees GSA_kwCzR0hTQS13cHJ2LTkzcjQtamoycM4AAz8m

npm @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Moderate
over 2 years ago

OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunning GSA_kwCzR0hTQS01aDN4LTl3dnEtdzRtMs4AAzvg

npm @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
High
over 2 years ago

GovernorCompatibilityBravo may trim proposal calldata GSA_kwCzR0hTQS05M2hxLTV3Z2MtamM4Ms4AAy45

npm @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Moderate
over 2 years ago

OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated GSA_kwCzR0hTQS1teDJxLTM1bTIteDJyaM4AAy0V

npm @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Moderate
over 2 years ago

OpenZeppelin Contracts contains Incorrect Calculation GSA_kwCzR0hTQS04NzhtLTNnNnEtNTk0cc4AAx7E

npm @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
High
about 3 years ago

OpenZeppelin Contracts vulnerable to ECDSA signature malleability GSA_kwCzR0hTQS00aDk4LTI3NjktZ2g2aM4AAuFk

npm @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
High
about 3 years ago

OpenZeppelin Contracts's GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals GSA_kwCzR0hTQS14cmM0LTczN3YtOXE3Nc4AAuFh

npm @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Moderate
about 3 years ago

OpenZeppelin Contracts's Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls GSA_kwCzR0hTQS05ajNtLWczODMtMjlxcs4AAuAp

npm @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Moderate
about 3 years ago

OpenZeppelin Contracts ERC165Checker unbounded gas consumption GSA_kwCzR0hTQS03Z3JmLTgzdnctNmY1eM4AAuAo

npm openzeppelin-eth, @openzeppelin/contracts-upgradeable, openzeppelin-solidity, @openzeppelin/contracts
High
about 3 years ago

OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers GSA_kwCzR0hTQS00ZzYzLWM2NG0tMjV3Oc4AAtkM

npm @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
High
about 3 years ago

OpenZeppelin Contracts's ERC165Checker may revert instead of returning false GSA_kwCzR0hTQS1xaDl4LWdjZmgtcGNyd84AAtkL

npm @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Low
over 3 years ago

Inconsistent storage layout for ERC2771ContextUpgradeable GSA_kwCzR0hTQS03ajUyLTZmanAtNThncs0ynA

npm @openzeppelin/contracts-upgradeable
Moderate
over 3 years ago

GovernorCompatibilityBravo incorrect ABI encoding may lead to unexpected behavior GSA_kwCzR0hTQS1tNnc4LWZxN3YtcGg0bc0h8A

npm @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Moderate
almost 4 years ago

OpenZeppelin Contracts initializer reentrancy may lead to double initialization GSA_kwCzR0hTQS05YzIyLXB3eHctcDZoeM0bQg

npm @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Low
almost 4 years ago

ERC1155Supply vulnerability in OpenZeppelin Contracts GSA_kwCzR0hTQS13bXB2LWMyanAtajJ4Z80XOg

npm @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Critical
about 4 years ago

UUPSUpgradeable vulnerability in @openzeppelin/contracts-upgradeable GSA_kwCzR0hTQS1xNGg5LTQ2eGctbTN4Oc0Vww

npm @openzeppelin/contracts-upgradeable
Critical
about 4 years ago

TimelockController vulnerability in OpenZeppelin Contracts MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZydzQtdzczci02bW04

npm @openzeppelin/contracts-upgradeable

Filter by Severity

Moderate 11 High 5 Low 3 Critical 2