Known Vulnerabilities for products from Openzeppelin
Listed below are 19 of the newest known vulnerabilities associated with the vendor "Openzeppelin".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-40014 | OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9... | 5.3 - MEDIUM | 2023-08-10 | 2023-08-23 |
| CVE-2023-34459 | OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, whe... | 5.9 - MEDIUM | 2023-06-16 | 2023-06-26 |
| CVE-2023-34234 | OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker ... | 5.3 - MEDIUM | 2023-06-07 | 2023-06-15 |
| CVE-2023-30542 | OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint (`propose`) in `G... | 8.8 - HIGH | 2023-04-16 | 2023-04-27 |
| CVE-2023-30541 | OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be i... | 5.3 - MEDIUM | 2023-04-17 | 2023-04-27 |
| CVE-2023-26488 | OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for mintin... | 6.5 - MEDIUM | 2023-03-03 | 2023-03-10 |
| CVE-2023-23940 | OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentra... | 5.3 - MEDIUM | 2023-02-03 | 2023-11-07 |
| CVE-2022-39384 | OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer ... | 5.6 - MEDIUM | 2022-11-04 | 2022-12-06 |
| CVE-2022-35961 | OpenZeppelin Contracts is a library for secure smart contract development. The functions `ECDSA.recover` and `ECDSA.tryRecove... | 6.5 - MEDIUM | 2022-08-15 | 2022-12-06 |
| CVE-2022-35916 | OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbi... | 5.3 - MEDIUM | 2022-08-01 | 2022-12-06 |
| CVE-2022-35915 | OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 `supportsInterfa... | 5.3 - MEDIUM | 2022-08-01 | 2023-07-21 |
| CVE-2022-31198 | OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use... | 7.5 - HIGH | 2022-08-01 | 2022-12-06 |
| CVE-2022-31172 | OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the Signatur... | 7.5 - HIGH | 2022-07-22 | 2022-08-01 |
| CVE-2022-31170 | OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checke... | 7.5 - HIGH | 2022-07-22 | 2022-08-01 |
| CVE-2022-31153 | OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Roll... | 6.5 - MEDIUM | 2022-07-15 | 2022-07-22 |
| CVE-2021-46320 | In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example ... | 7.5 - HIGH | 2022-02-04 | 2022-02-09 |
| CVE-2021-41264 | OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpg... | 9.8 - CRITICAL | 2021-11-12 | 2021-11-15 |
| CVE-2021-39168 | OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed a... | 9.8 - CRITICAL | 2021-08-27 | 2021-09-01 |
| CVE-2021-39167 | OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed a... | 9.8 - CRITICAL | 2021-08-27 | 2021-09-01 |