
openzeppelin-contracts — Vulnerabilities & Security Advisories (18)

All 18 known CVE vulnerabilities affecting openzeppelin-contracts, with AI-generated Chinese analysis, references, and POCs where available.

Vendor: OpenZeppelin

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-54070 | OpenZeppelin Contracts's Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers | CWE-125 | 5.3 (AI-estimated) | Medium (AI-estimated) | 2025-07-17 |
| CVE-2024-27094 | OpenZeppelin Contracts base64 encoding may read from potentially dirty memory | CWE-125 | 6.5 | Medium | 2024-02-29 |
| CVE-2023-49798 | Duplicated execution of subcalls in OpenZeppelin Contracts | CWE-670 | 5.9 | Medium | 2023-12-08 |
| CVE-2023-40014 | OpenZeppelin Contracts's ERC2771Context with custom forwarder may lead to zero-valued _msgSender | CWE-116 | 5.3 | Medium | 2023-08-10 |
| CVE-2023-34459 | OpenZeppelin Contracts's MerkleProof multiproofs may allow proving arbitrary leaves for specific trees | CWE-354 | 5.3 | Medium | 2023-06-16 |
| CVE-2023-34234 | Governor proposal creation may be blocked by frontrunning in OpenZeppelin | CWE-862 | 5.3 | Medium | 2023-06-07 |
| CVE-2023-30541 | TransparentUpgradeableProxy clashing selector calls may not be delegated in @openzeppelin/contracts | CWE-436 | 5.3 | Medium | 2023-04-17 |
| CVE-2023-30542 | GovernorCompatibilityBravo may trim proposal calldata | CWE-20 | 6.8 | Medium | 2023-04-16 |
| CVE-2023-26488 | OpenZeppelin Contracts contains Incorrect Calculation | CWE-682 | 6.5 | Medium | 2023-03-03 |
| CVE-2022-39384 | OpenZeppelin Contracts initializer reentrancy may lead to double initialization | CWE-665 | 5.6 | Medium | 2022-11-04 |
| CVE-2022-35961 | ECDSA signature malleability in OpenZeppelin Contracts | CWE-354 | 7.9 | High | 2022-08-14 |
| CVE-2022-35915 | Unbounded gas consumption in @openzeppelin/contracts | CWE-400 | 5.3 | Medium | 2022-08-01 |
| CVE-2022-35916 | Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls | CWE-669 | 5.3 | Medium | 2022-08-01 |
| CVE-2022-31198 | GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals in @openzeppelin/contracts | CWE-682 | 7.5 | High | 2022-08-01 |
| CVE-2022-31170 | OpenZeppelin Contracts's ERC165Checker may revert instead of returning false | CWE-20 | 7.5 | High | 2022-07-21 |
| CVE-2022-31172 | OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers | CWE-20 | 7.5 | High | 2022-07-21 |
| CVE-2021-41264 | UUPSUpgradeable vulnerability in OpenZeppelin Contracts | CWE-665 | 9.8 | Critical | 2021-11-12 |
| CVE-2021-39167 | TimelockController vulnerability in OpenZeppelin Contracts | CWE-269 | 10.0 | Critical | 2021-08-26 |

Entries marked "AI-estimated" carry a CVSS score and severity generated by the site's AI rather than a published NVD score.
