Openzeppelin Contracts Upgradeable — known CVE vulnerabilities
Every CVE whose affected-product data names Openzeppelin Contracts Upgradeable, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2022-35961 — CVSS 7.9 (high): OpenZeppelin Contracts is a library for secure smart contract development. The functions `ECDSA.recover` and `ECDSA.tryRecover` are…
CVE-2022-31198 — CVSS 7.5 (high): OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module…
CVE-2023-30542 — CVSS 6.8 (medium): OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint (`propose`) in…
CVE-2024-27094 — CVSS 6.5 (medium): OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by…
CVE-2023-26488 — CVSS 6.5 (medium): OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in…
CVE-2023-49798 — CVSS 5.9 (medium): OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a…
CVE-2022-39384 — CVSS 5.6 (medium): OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that…
CVE-2022-35916 — CVSS 5.3 (medium): OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2…
CVE-2022-35915 — CVSS 5.3 (medium): OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 `supportsInterface` query can…
CVE-2023-34459 — CVSS 5.3 (medium): OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the…
CVE-2023-34234 — CVSS 5.3 (medium): OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the…
CVE-2023-30541 — CVSS 5.3 (medium): OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if…