Openzeppelin Contracts_upgradeable
12 CVEs affecting Openzeppelin Contracts_upgradeable. Latest disclosed: 2024-03-21. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-35961 | High | 7.9 | 2022-08-15 | OpenZeppelin Contracts is a library for secure smart contract development. The functions `ECDSA.recover` and `ECDSA.tryRecover` are vulnerable to a kind of sig… |
| CVE-2022-31198 | High | 7.5 | 2022-08-01 | OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module `GovernorVotesQuorumFr… |
| CVE-2023-30542 | Medium | 6.8 | 2023-04-16 | OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint (`propose`) in `GovernorCompatibilityBravo` allows… |
| CVE-2024-27094 | Medium | 6.5 | 2024-03-21 | OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks… |
| CVE-2023-26488 | Medium | 6.5 | 2023-03-03 | OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update… |
| CVE-2023-49798 | Medium | 5.9 | 2023-12-09 | OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In… |
| CVE-2022-39384 | Medium | 5.6 | 2022-11-04 | OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separat… |
| CVE-2023-34459 | Medium | 5.3 | 2023-06-16 | OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the `verifyMultiProof`, `verifyM… |
| CVE-2023-34234 | Medium | 5.3 | 2023-06-07 | OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the proposer and gain t… |
| CVE-2023-30541 | Medium | 5.3 | 2023-04-17 | OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashe… |
| CVE-2022-35916 | Medium | 5.3 | 2022-08-01 | OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, `CrossChainEnabledArbitru… |
| CVE-2022-35915 | Medium | 5.3 | 2022-08-01 | OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 `supportsInterface` query can cause unbounded gas… |