CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

553 matches found

OSV•added 2026/06/11 1:27 p.m.•5 views

GHSA-4X76-22X2-RX8V OpenZeppelin Contracts Wizard has Code Injection in Generated Hardhat and Foundry Tests via Unsanitized opts.name / opts.uri

Summary The OpenZeppelin Contracts Wizard generated Hardhat test/test.ts and Foundry test/.t.sol example test files that interpolated user-supplied strings opts.name, opts.uri into the test source without escaping. A crafted input could produce a generated test file in which the input string brok...

8.8CVSS5.3AI score0.0004EPSS

Exploits0References4

Positive Technologies•added 2026/06/11 12:0 a.m.•13 views

PT-2026-48690

Name of the Vulnerable Software and Affected Versions @openzeppelin/wizard versions prior to 0.10.9 Description The OpenZeppelin Contracts Wizard generates example test files for Hardhat test/test.ts and Foundry test/.t.sol that interpolate user-supplied strings opts.name and opts.uri into the te...

8.8CVSS6AI score0.0004EPSS

Exploits0References6

RedhatCVE•added 2026/01/09 9:28 a.m.•13 views

CVE-2023-49798

OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of Multicall.sol released in @openzeppelin/[email protected] and @openzeppelin/[email protected], all subcalls are...

7.5CVSS6.8AI score0.00543EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:13 a.m.•5 views

CVE-2022-31153

OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts vanilla and ethereum flavors in the...

6.5CVSS6.7AI score0.01115EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:11 a.m.•9 views

CVE-2022-35915

OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in...

5.3CVSS6.7AI score0.00635EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:11 a.m.•12 views

CVE-2022-35916

OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, CrossChainEnabledArbitrumL2 or LibArbitrumL2, will classify direct interactions of externally owned accounts EOAs as cross chain calls, even though they are not...

5.3CVSS6.6AI score0.00475EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:54 a.m.•11 views

CVE-2021-41264

OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using UUPSUpgradeable may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of @openzeppelin/contracts and...

9.8CVSS6.8AI score0.01439EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:42 a.m.•12 views

CVE-2022-31170

OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning false. ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an...

7.5CVSS6.6AI score0.00626EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:42 a.m.•9 views

CVE-2022-31198

OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module GovernorVotesQuorumFraction, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affected instances, when a...

7.5CVSS6.6AI score0.00626EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:39 a.m.•11 views

CVE-2022-35961

OpenZeppelin Contracts is a library for secure smart contract development. The functions ECDSA.recover and ECDSA.tryRecover are vulnerable to a kind of signature malleability due to accepting EIP-2098 compact signatures in addition to the traditional 65 byte signature format. This is only an issu...

7.9CVSS6.7AI score0.00336EPSS

Exploits0References1

vulnersOsv•added 2026/01/05 7:57 p.m.•7 views

@zentity/fhevm-contracts (>=0.1.0 <=0.2.0) potentially affected by unknown CVE via @openzeppelin/confidential-contracts (=0.3.0)

@openzeppelin/confidential-contracts NPM version =0.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on @openzeppelin/confidential-contracts and may be impacted: - @zentity/fhevm-contracts =0.1.0, =0.2.0 Source cves: unknown CVE Source advisory:...

5.8AI score

Exploits0

Snyk•added 2025/12/16 10:32 p.m.•2 views

Malicious Package

Overview solhint-plugin-openzeppelin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.9AI score

Exploits0References2