Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openzeppelin openzeppelin vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-35915
OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 `supportsInterface` query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue h...
Openzeppelin Openzeppelin-solidity
Openzeppelin Contracts
Openzeppelin Openzeppelin-eth
Openzeppelin Contracts Upgradeable
NA
CVE-2023-40014
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using `ERC2771Context` along with a custom trusted forwarder may see `_msgSender` return `address(0)` in calls that originate from the forwar...
Openzeppelin Openzeppelin Contracts-upgradable
Openzeppelin Openzeppelin Contracts
1 Github repository
445
VMScore
CVE-2021-46320
In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-ex...
Openzeppelin Openzeppelin
NA
CVE-2023-26488
OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update balances when a batch has size 1 and consists of a single token. Subsequent transfers from the receiver of that token may...
Openzeppelin Contracts Upgradeable
Openzeppelin Contracts
1 Github repository
NA
CVE-2022-35961
OpenZeppelin Contracts is a library for secure smart contract development. The functions `ECDSA.recover` and `ECDSA.tryRecover` are vulnerable to a kind of signature malleability due to accepting EIP-2098 compact signatures in addition to the traditional 65 byte signature format....
Openzeppelin Contracts
Openzeppelin Contracts Upgradeable
NA
CVE-2023-30541
OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incom...
Openzeppelin Contracts Upgradeable
Openzeppelin Contracts
1 Github repository
NA
CVE-2023-34459
OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the `verifyMultiProof`, `verifyMultiProofCalldata`, `procesprocessMultiProof`, or `processMultiProofCalldat` functions are in use, it is possible to cons...
Openzeppelin Contracts Upgradeable
Openzeppelin Contracts
1 Github repository
NA
CVE-2023-34234
OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all. Thi...
Openzeppelin Contracts Upgradeable
Openzeppelin Contracts
NA
CVE-2022-39384
OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted no...
Openzeppelin Contracts
Openzeppelin Contracts Upgradeable
NA
CVE-2023-30542
OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint (`propose`) in `GovernorCompatibilityBravo` allows the creation of proposals with a `signatures` array shorter than the `calldatas` array. This causes the additional elemen...
Openzeppelin Contracts Upgradeable
Openzeppelin Contracts
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
CVE-2024-20360
CVE-2021-47559
XXE
CVE-2024-5229
CVE-2021-47543
CVE-2021-47571
SSTI
CVE-2024-4978
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »