OpenZeppelin Contracts

20 CVEs affecting OpenZeppelin Contracts. Latest disclosed: 2024-08-31. Critical: 3, High: 4.

Top CVEs affecting OpenZeppelin Contracts

| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2021-39168 | Critical | 10.0 | 2021-08-27 | OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to… |
| CVE-2021-39167 | Critical | 10.0 | 2021-08-27 | OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to… |
| CVE-2021-41264 | Critical | 9.8 | 2021-11-12 | OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an… |
| CVE-2022-35961 | High | 7.9 | 2022-08-15 | OpenZeppelin Contracts is a library for secure smart contract development. The functions `ECDSA.recover` and `ECDSA.tryRecover` are vulnerable to a kind of sig… |
| CVE-2022-31198 | High | 7.5 | 2022-08-01 | OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module `GovernorVotesQuorumFr… |
| CVE-2022-31172 | High | 7.5 | 2022-07-22 | OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. `SignatureChec… |
| CVE-2022-31170 | High | 7.5 | 2022-07-22 | OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning `… |
| CVE-2023-30542 | Medium | 6.8 | 2023-04-16 | OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint (`propose`) in `GovernorCompatibilityBravo` allows… |
| CVE-2024-27094 | Medium | 6.5 | 2024-03-21 | OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks… |
| CVE-2023-26488 | Medium | 6.5 | 2023-03-03 | OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update… |
| CVE-2022-31153 | Medium | 6.5 | 2022-07-15 | OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to… |
| CVE-2023-23940 | Medium | 6.4 | 2023-02-03 | OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. `is_valid_eth_sig… |
| CVE-2023-49798 | Medium | 5.9 | 2023-12-09 | OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In… |
| CVE-2022-39384 | Medium | 5.6 | 2022-11-04 | OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separat… |
| CVE-2024-45304 | Medium | 5.3 | 2024-08-31 | Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup. This vulnerability can lead to unauthorized ownership tran… |
| CVE-2023-34459 | Medium | 5.3 | 2023-06-16 | OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the `verifyMultiProof`, `verifyM… |
| CVE-2023-34234 | Medium | 5.3 | 2023-06-07 | OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the proposer and gain t… |
| CVE-2023-30541 | Medium | 5.3 | 2023-04-17 | OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashe… |
| CVE-2022-35916 | Medium | 5.3 | 2022-08-01 | OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, `CrossChainEnabledArbitru… |
| CVE-2022-35915 | Medium | 5.3 | 2022-08-01 | OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 `supportsInterface` query can cause unbounded gas… |