Openzeppelin Contracts_upgradeable

12 CVEs affecting Openzeppelin Contracts_upgradeable. Latest disclosed: 2024-03-21. Critical: 0, High: 2.

Top CVEs affecting Openzeppelin Contracts_upgradeable

| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2022-35961 | High | 7.9 | 2022-08-15 | OpenZeppelin Contracts is a library for secure smart contract development. The functions `ECDSA.recover` and `ECDSA.tryRecover` are vulnerable to a kind of sig… |
| CVE-2022-31198 | High | 7.5 | 2022-08-01 | OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module `GovernorVotesQuorumFr… |
| CVE-2023-30542 | Medium | 6.8 | 2023-04-16 | OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint (`propose`) in `GovernorCompatibilityBravo` allows… |
| CVE-2024-27094 | Medium | 6.5 | 2024-03-21 | OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks… |
| CVE-2023-26488 | Medium | 6.5 | 2023-03-03 | OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update… |
| CVE-2023-49798 | Medium | 5.9 | 2023-12-09 | OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In… |
| CVE-2022-39384 | Medium | 5.6 | 2022-11-04 | OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separat… |
| CVE-2023-34459 | Medium | 5.3 | 2023-06-16 | OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the `verifyMultiProof`, `verifyM… |
| CVE-2023-34234 | Medium | 5.3 | 2023-06-07 | OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the proposer and gain t… |
| CVE-2023-30541 | Medium | 5.3 | 2023-04-17 | OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashe… |
| CVE-2022-35916 | Medium | 5.3 | 2022-08-01 | OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, `CrossChainEnabledArbitru… |
| CVE-2022-35915 | Medium | 5.3 | 2022-08-01 | OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 `supportsInterface` query can cause unbounded gas… |