18 matches found
4337-snap (>=0.1.0 <=0.1.1), @0xflair/contracts-registry (>=0.107.10 <=0.123.2) +410 more potentially affected by CVE-2023-40014 via @openzeppelin/contracts-upgradeable (>=4.2.0 <=4.9.2)
@openzeppelin/contracts-upgradeable NPM version =4.2.0, =0.1.0, =0.107.10, =1.9.0, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.107.0, =4.0.0, =2.0.0, =0.2.1-alpha, =0.2.1-beta2 and more Source cves: CVE-2023-40014 Source advisory: OSV:GHSA-G4VP-M682-QQMP...
4337-snap (>=0.1.0 <=0.1.1), @0xflair/contracts-registry (>=0.107.10 <=0.123.2) +336 more potentially affected by CVE-2023-34459 via @openzeppelin/contracts-upgradeable (>=4.7.0 <=4.8.3)
@openzeppelin/contracts-upgradeable NPM version =4.7.0, =0.1.0, =0.107.10, =1.9.0, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.107.0, =4.0.0, =2.0.0, =3.1.0 - @abheektripathy/nftpass =1.1.0 and more Source cves: CVE-2023-34459 Source advisory:...
4337-snap (>=0.1.0 <=0.1.1), @0xflair/contracts-registry (>=0.107.10 <=0.123.2) +375 more potentially affected by CVE-2023-34234 via @openzeppelin/contracts-upgradeable (>=4.3.0 <=4.8.3)
@openzeppelin/contracts-upgradeable NPM version =4.3.0, =0.1.0, =0.107.10, =1.9.0, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.107.0, =4.0.0, =2.0.0, =0.2.1-alpha, =0.2.1-beta2 and more Source cves: CVE-2023-34234 Source advisory: OSV:GHSA-5H3X-9WVQ-W4M2...
4337-snap (>=0.1.0 <=0.1.1), @0xflair/contracts-registry (>=0.107.10 <=0.123.2) +361 more potentially affected by CVE-2023-30542 via @openzeppelin/contracts-upgradeable (>=4.3.0 <=4.8.2)
@openzeppelin/contracts-upgradeable NPM version =4.3.0, =0.1.0, =0.107.10, =1.9.0, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.107.0, =4.0.0, =2.0.0, =0.2.1-alpha, =0.2.1-beta2 and more Source cves: CVE-2023-30542 Source advisory: OSV:GHSA-93HQ-5WGC-JC82...
4337-snap (>=0.1.0 <=0.1.1), @0xflair/contracts-registry (>=0.107.10 <=0.123.2) +468 more potentially affected by CVE-2023-30541 via @openzeppelin/contracts-upgradeable (>=3.4.0 <=4.8.2)
@openzeppelin/contracts-upgradeable NPM version =3.4.0, =0.1.0, =0.107.10, =1.9.0, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.107.0, =0.0.1, =0.0.1, =4.0.0, =4.3.3 and more Source cves: CVE-2023-30541 Source advisory: OSV:GHSA-MX2Q-35M2-X2RH...
@aragon/core-contracts (>=0.7.0-alpha <=0.8.0-alpha), @aragon/osx (>=1.2.0 <=1.3.0-rc0.4) +42 more potentially affected by CVE-2023-26488 via @openzeppelin/contracts-upgradeable (>=4.8.0 <=4.8.1)
@openzeppelin/contracts-upgradeable NPM version =4.8.0, =0.7.0-alpha, =1.2.0, =0.0.1, =0.0.1, =0.0.1, =1.0.4, =2.0.0, =1.0.1, =1.0.15, =1.0.27, =1.0.16, =1.0.29 and more Source cves: CVE-2023-26488 Source advisory: OSV:GHSA-878M-3G6Q-594Q...
@abacus-network/helloworld (>=0.2.1-alpha <=0.2.1-beta2), @alt-research/orbit-sdk-avail (>=0.9.1 <=0.9.11) +108 more potentially affected by CVE-2022-35961 via @openzeppelin/contracts-upgradeable (>=4.2.0 <=4.7.0)
@openzeppelin/contracts-upgradeable NPM version =4.2.0, =0.2.1-alpha, =0.9.1, =0.19.0-beta.0, =0.1.0-alpha, =0.24.2, =1.0.0, =0.6.0, =1.1.4-migration-beta.0, =1.0.0-beta.0, =1.0.0-upstream-0.19.0, =1.4.0, =1.5.0-beta.0 and more Source cves: CVE-2022-35961 Source advisory: OSV:GHSA-4H98-2769-GH6H...
@abacus-network/helloworld (>=0.2.1-alpha <=0.2.1-beta2), @alt-research/orbit-sdk-avail (>=0.9.1 <=0.9.11) +106 more potentially affected by CVE-2022-31198 via @openzeppelin/contracts-upgradeable (>=4.3.0 <=4.7.0)
@openzeppelin/contracts-upgradeable NPM version =4.3.0, =0.2.1-alpha, =0.9.1, =0.19.0-beta.0, =0.1.0-alpha, =0.24.2, =1.0.0, =0.6.0, =1.1.4-migration-beta.0, =1.0.0-beta.0, =1.0.0-upstream-0.19.0, =1.4.0, =1.5.0-beta.0 and more Source cves: CVE-2022-31198 Source advisory: OSV:GHSA-XRC4-737V-9Q75...
@0xwen/core (>=0.0.1 <=0.0.3), @0xwen/core-v5 (>=0.0.1 <=0.0.3) +215 more potentially affected by CVE-2022-35915 via @openzeppelin/contracts-upgradeable (>=3.4.0 <=4.7.0)
@openzeppelin/contracts-upgradeable NPM version =3.4.0, =0.0.1, =0.0.1, =0.0.2, =0.0.1, =0.2.1-alpha, =0.9.1, =0.19.0-beta.0, =2.0.0, =3.0.0-alpha0, =2.0.0, =3.0.1-alpha, =0.1.0-alpha, =0.24.2, =1.0.0, =0.6.0, =0.26.0 and more Source cves: CVE-2022-35915 Source advisory: OSV:GHSA-7GRF-83VW-6F5X...
@abacus-network/helloworld (>=0.2.1-alpha <=0.2.1-beta2), @alt-research/orbit-sdk-avail (>=0.9.1 <=0.9.11) +108 more potentially affected by CVE-2022-31172 via @openzeppelin/contracts-upgradeable (>=4.2.0 <=4.7.0)
@openzeppelin/contracts-upgradeable NPM version =4.2.0, =0.2.1-alpha, =0.9.1, =0.19.0-beta.0, =0.1.0-alpha, =0.24.2, =1.0.0, =0.6.0, =1.1.4-migration-beta.0, =1.0.0-beta.0, =1.0.0-upstream-0.19.0, =1.4.0, =1.5.0-beta.0 and more Source cves: CVE-2022-31172 Source advisory: OSV:GHSA-4G63-C64M-25W9...
@abacus-network/helloworld (>=0.2.1-alpha <=0.2.1-beta2), @alt-research/orbit-sdk-avail (>=0.9.1 <=0.9.11) +108 more potentially affected by CVE-2022-31170 via @openzeppelin/contracts-upgradeable (>=4.2.0 <=4.7.0)
@openzeppelin/contracts-upgradeable NPM version =4.2.0, =0.2.1-alpha, =0.9.1, =0.19.0-beta.0, =0.1.0-alpha, =0.24.2, =1.0.0, =0.6.0, =1.1.4-migration-beta.0, =1.0.0-beta.0, =1.0.0-upstream-0.19.0, =1.4.0, =1.5.0-beta.0 and more Source cves: CVE-2022-31170 Source advisory: OSV:GHSA-QH9X-GCFH-PCRW...
@hifi/amm (>=1.1.2 <=1.4.0), @hifi/flash-swap (>=1.0.1 <=1.3.1) +6 more potentially affected by unknown CVE via @openzeppelin/contracts-upgradeable (=4.2.0)
@openzeppelin/contracts-upgradeable NPM version =4.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on @openzeppelin/contracts-upgradeable and may be impacted: - @hifi/amm =1.1.2, =1.0.1, =1.1.2, =1.0.0, =0.8.1-pr-brioux-1333.92b26c3a.36, =1.0.5, =2.3....
@biconomy/hyphen-contracts (=1.0.4), @bobanetwork/contracts (=0.0.2) +17 more potentially affected by unknown CVE via @openzeppelin/contracts-upgradeable (>=4.3.0 <=4.4.1)
@openzeppelin/contracts-upgradeable NPM version =4.3.0, =0.0.1, =0.5.0, =3.4.0, =1.5.0, =1.4.0, =1.5.0, =1.4.0, =1.0.0-main.334593a7.46, =2.4.0, =2.0.0, =1.0.0, =2.0.2, =3.0.0-beta, =3.0.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-M6W8-FQ7V-PH4M...
@0xwen/core (>=0.0.1 <=0.0.3), @0xwen/core-v5 (>=0.0.1 <=0.0.3) +128 more potentially affected by CVE-2021-46320 +1 more via @openzeppelin/contracts-upgradeable (>=3.4.0 <=4.3.3)
@openzeppelin/contracts-upgradeable NPM version =3.4.0, =0.0.1, =0.0.1, =0.0.2, =0.0.1, =2.0.0, =3.0.0-alpha0, =2.0.0, =3.0.1-alpha, =1.0.0, =1.0.0-beta.0, =1.0.0, =1.0.4 and more Source cves: CVE-2021-46320, CVE-2022-39384 Source advisory: OSV:GHSA-9C22-PWXW-P6HX...
@biconomy/hyphen-contracts (=1.0.4), @bobanetwork/contracts (=0.0.2) +17 more potentially affected by unknown CVE via @openzeppelin/contracts-upgradeable (>=4.2.0 <=4.3.2)
@openzeppelin/contracts-upgradeable NPM version =4.2.0, =0.0.1, =0.5.0, =3.4.0, =1.1.2, =1.0.1, =1.1.2, =1.0.0, =0.8.1-pr-brioux-1333.92b26c3a.36, =1.0.5, =2.3.0, =2.0.0, =3.0.0-beta, =3.0.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-WMPV-C2JP-J2XG...
GHSA-5VP3-V4HC-GX76 UUPSUpgradeable vulnerability in @openzeppelin/contracts
Impact Upgradeable contracts using UUPSUpgradeable may be vulnerable to an attack affecting uninitialized implementation contracts. We will update this advisory with more information soon. Patches A fix is included in version 4.3.2 of @openzeppelin/contracts and @openzeppelin/contracts-upgradeabl...
@biconomy/hyphen-contracts (=1.0.4), @devprotocol/protocol-l2 (>=0.0.1 <=0.0.2) +8 more potentially affected by CVE-2021-41264 via @openzeppelin/contracts-upgradeable (>=4.2.0 <=4.3.1)
@openzeppelin/contracts-upgradeable NPM version =4.2.0, =0.0.1, =1.1.2, =1.0.1, =1.1.2, =1.0.0, =0.8.1-pr-brioux-1333.92b26c3a.36, =1.0.5, =2.3.0, =2.3.2 Source cves: CVE-2021-41264 Source advisory: OSV:GHSA-5VP3-V4HC-GX76...
@biconomy/hyphen-contracts (=1.0.4), @devprotocol/protocol-l2 (>=0.0.1 <=0.0.2) +8 more potentially affected by unknown CVE via @openzeppelin/contracts-upgradeable (>=4.2.0 <=4.3.1)
@openzeppelin/contracts-upgradeable NPM version =4.2.0, =0.0.1, =1.1.2, =1.0.1, =1.1.2, =1.0.0, =0.8.1-pr-brioux-1333.92b26c3a.36, =1.0.5, =2.3.0, =2.3.2 Source cves: unknown CVE Source advisory: OSV:GHSA-Q4H9-46XG-M3X9...