pkg:npm/@openzeppelin/contracts-upgradeable

18 CVEs in total: CRITICAL 2, HIGH 5, MEDIUM 10


All known vulnerabilities

  • CRITICAL (CVSS 10.0) CVE-2021-39168: TimelockController vulnerability in OpenZeppelin Contracts
    Affected versions: >= 4.0.0, < 4.3.1
  • CRITICAL (CVSS 9.8) CVE-2021-41264: UUPSUpgradeable vulnerability in @openzeppelin/contracts
    Affected versions: >= 4.1.0, < 4.3.2
  • HIGH (CVSS 8.8) CVE-2023-30542: GovernorCompatibilityBravo may trim proposal calldata
    Affected versions: >= 4.3.0, < 4.8.3
  • HIGH (CVSS 7.9) CVE-2022-35961: OpenZeppelin Contracts vulnerable to ECDSA signature malleability
    Affected versions: >= 4.1.0, < 4.7.3
  • HIGH (CVSS 7.5) CVE-2022-31198: OpenZeppelin Contracts's GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
    Affected versions: >= 4.3.0, < 4.7.2
  • HIGH (CVSS 7.5) CVE-2022-31172: OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
    Affected versions: >= 4.1.0, < 4.7.1
  • HIGH (CVSS 7.5) CVE-2022-31170: OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
    Affected versions: >= 4.0.0, < 4.7.1
  • MEDIUM (CVSS 6.5) CVE-2024-27094: OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
    Affected versions: >= 5.0.0-rc.0, < 5.0.2
  • MEDIUM (CVSS 6.5) CVE-2023-26488: OpenZeppelin Contracts contains Incorrect Calculation
    Affected versions: >= 4.8.0, < 4.8.2
  • MEDIUM (CVSS 5.9) CVE-2023-49798: OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4
    Affected versions: >= 4.9.4, < 4.9.5
  • MEDIUM (CVSS 5.6) CVE-2022-39384: OpenZeppelin Contracts initializer reentrancy may lead to double initialization
    Affected versions: >= 3.2.0, < 4.4.1
  • MEDIUM (CVSS 5.3) CVE-2023-40014: OpenZeppelin Contracts vulnerable to Improper Escaping of Output
    Affected versions: >= 4.0.0, < 4.9.3
  • MEDIUM (CVSS 5.3) CVE-2023-34459: OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
    Affected versions: >= 4.7.0, < 4.9.2
  • MEDIUM (CVSS 5.3) CVE-2023-34234: OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunning
    Affected versions: >= 4.3.0, < 4.9.1
  • MEDIUM (CVSS 5.3) CVE-2023-30541: OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
    Affected versions: >= 3.2.0, < 4.8.3
  • MEDIUM (CVSS 5.3) CVE-2022-35916: OpenZeppelin Contracts's Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls
    Affected versions: >= 4.6.0, < 4.7.2
  • MEDIUM (CVSS 5.3) CVE-2022-35915: OpenZeppelin Contracts ERC165Checker unbounded gas consumption
    Affected versions: >= 3.2.0, < 4.7.2
  • NONE (CVSS 0.0) CVE-2025-54070: OpenZeppelin Contracts Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers
    Affected versions: >= 5.2.0, < 5.4.0