Openzeppelin Contracts vulnerabilities
23 known vulnerabilities affecting openzeppelin/contracts.
Total CVEs: 23
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 7, MEDIUM 13
Vulnerabilities
Page 2 of 2
CVE-2021-41264 | CRITICAL | CVSS 9.8 | CWE-665 | ≥ 4.1.0, < 4.3.2 | 2021-11-12
OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of `@openzeppelin/contracts` and `@openzeppelin/contracts-upgradeable`. For users unable to upgrad
ghsa, nvd, osv
CVE-2021-39168 | CRITICAL | CVSS 9.8 | CWE-269 | ≥ 3.3.0, < 3.4.2; ≥ 4.0.0, < 4.3.1 | 2021-08-27
OpenZeppelin is a library for smart contract development. In affected versions, a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround, revoke the executor role from accounts not strictly under the team's control.
nvd
CVE-2021-39167 | CRITICAL | CVSS 9.8 | CWE-269 | ≥ 3.3.0, < 3.4.2; ≥ 4.0.0, < 4.3.1 | 2021-08-27
OpenZeppelin is a library for smart contract development. In affected versions, a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround, revoke the executor role from accounts not strictly under the team's control.
ghsa, nvd, osv