Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openzeppelin openzeppelin vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2022-35915
OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 `supportsInterface` query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue h...
Openzeppelin Openzeppelin-solidity
Openzeppelin Contracts
Openzeppelin Openzeppelin-eth
Openzeppelin Contracts Upgradeable
5.3
CVSSv3
CVE-2023-40014
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using `ERC2771Context` along with a custom trusted forwarder may see `_msgSender` return `address(0)` in calls that originate from the forwar...
Openzeppelin Openzeppelin Contracts-upgradable
Openzeppelin Openzeppelin Contracts
1 Github repository
7.5
CVSSv3
CVE-2021-46320
In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-ex...
Openzeppelin Openzeppelin
6.5
CVSSv3
CVE-2023-26488
OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update balances when a batch has size 1 and consists of a single token. Subsequent transfers from the receiver of that token may...
Openzeppelin Contracts Upgradeable
Openzeppelin Contracts
1 Github repository
5.3
CVSSv3
CVE-2023-30541
OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incom...
Openzeppelin Contracts Upgradeable
Openzeppelin Contracts
1 Github repository
8.8
CVSSv3
CVE-2023-30542
OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint (`propose`) in `GovernorCompatibilityBravo` allows the creation of proposals with a `signatures` array shorter than the `calldatas` array. This causes the additional elemen...
Openzeppelin Contracts Upgradeable
Openzeppelin Contracts
1 Github repository
7.5
CVSSv3
CVE-2022-31198
OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module `GovernorVotesQuorumFraction`, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affe...
Openzeppelin Contracts
Openzeppelin Contracts Upgradeable
1 Github repository
6.5
CVSSv3
CVE-2022-35961
OpenZeppelin Contracts is a library for secure smart contract development. The functions `ECDSA.recover` and `ECDSA.tryRecover` are vulnerable to a kind of signature malleability due to accepting EIP-2098 compact signatures in addition to the traditional 65 byte signature format....
Openzeppelin Contracts
Openzeppelin Contracts Upgradeable
5.3
CVSSv3
CVE-2022-35916
OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, `CrossChainEnabledArbitrumL2` or `LibArbitrumL2`, will classify direct interactions of externally owned accounts (EOAs) as cross chain calls, even...
Openzeppelin Contracts
Openzeppelin Contracts Upgradeable
5.6
CVSSv3
CVE-2022-39384
OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted no...
Openzeppelin Contracts
Openzeppelin Contracts Upgradeable
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »