Malicious code in openzeppelin-solidity-2.3.0 (npm)

The package openzeppelin-solidity-2.3.0 was found to contain malicious code...

MAL-2025-28346 Malicious code in openzeppelin-solidity-2.3.0 (npm)

The package openzeppelin-solidity-2.3.0 was found to contain malicious code...

Malicious code in openzeppelinsolidty (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cb787a0b4ed067dab6d7d8744277b8b3133b97cb42ab9931b4553cba1f4af858 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in openzepplin-solidity (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 96160503f6efd74b51cbb0434c82e4d7e8e07d087e3d9578d56ab5563071bcd2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@acatalan/erc223-20-contracts (=0.0.3), @adacash/liquidity-staker (=0.0.1) +272 more potentially affected by CVE-2022-35915 via openzeppelin-solidity (>=2.0.0 <=3.4.2)

openzeppelin-solidity NPM version =2.0.0, =1.1.1, =0.3.0, =0.5.1, =0.3.2, =0.3.1, =0.3.1, =0.0.3, =0.1.0, =0.1.0, =2.2.1, =0.1.0, =0.1.4 and more Source cves: CVE-2022-35915 Source advisory: OSV:GHSA-7GRF-83VW-6F5X...

Reentrancy Attack

openzeppelin-solidity is vulnerable to reentrancy attack. The vulnerability exists when a extend custom beforeTokenTransfer is invoked when burning tokens and before the send hook is externally called on the sender while token balances are adjusted after the process and this may cause the...