Openzeppelin Contracts — known CVE vulnerabilities
Every CVE whose affected-product data names Openzeppelin Contracts, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2021-39167 — CVSS 10.0 (critical): OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with…
CVE-2021-39168 — CVSS 10.0 (critical): OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with…
CVE-2021-41264 — CVSS 9.8 (critical): OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may…
CVE-2022-35961 — CVSS 7.9 (high): OpenZeppelin Contracts is a library for secure smart contract development. The functions `ECDSA.recover` and `ECDSA.tryRecover` are…
CVE-2022-31170 — CVSS 7.5 (high): OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting…
CVE-2022-31172 — CVSS 7.5 (high): OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker…
CVE-2022-31198 — CVSS 7.5 (high): OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module…
CVE-2023-30542 — CVSS 6.8 (medium): OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint (`propose`) in…
CVE-2024-27094 — CVSS 6.5 (medium): OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by…
CVE-2022-31153 — CVSS 6.5 (medium): OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version…
CVE-2023-26488 — CVSS 6.5 (medium): OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in…
CVE-2023-23940 — CVSS 6.4 (medium): OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK…
CVE-2023-49798 — CVSS 5.9 (medium): OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a…
CVE-2022-39384 — CVSS 5.6 (medium): OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that…
CVE-2023-30541 — CVSS 5.3 (medium): OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if…
CVE-2023-34234 — CVSS 5.3 (medium): OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the…
CVE-2023-34459 — CVSS 5.3 (medium): OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the…
CVE-2022-35916 — CVSS 5.3 (medium): OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2…
CVE-2022-35915 — CVSS 5.3 (medium): OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 `supportsInterface` query can…
CVE-2024-45304 — CVSS 5.3 (medium): Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup. This vulnerability can lead to…