Openzeppelin Contracts Security Vulnerabilities and Issues — Openzeppelin Contracts CVE List

Lucene search

OpenzeppelinOpenzeppelin Contracts

3 matches found

CVE•added 2024/03/21 2:52 a.m.•86 views

CVE-2024-27094

OpenZeppelin Contracts is a library for secure smart contract development. The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The vulner...

6.5CVSS6.3AI score0.00177EPSS

CVE•added 2023/03/03 10:15 p.m.•51 views

CVE-2023-26488

OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update balances when a batch has size 1 and consists of a single token. Subsequent transfers from the receiver of that token may overflow the balan...

6.5CVSS6.6AI score0.00075EPSS

CVE•added 2025/07/17 7:15 p.m.•5 views

CVE-2025-54070

OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 5.2.0 and prior to version 5.4.0, the lastIndexOf(bytes,byte,uint256) function of the Bytes.sol library may access uninitialized memory when the following two conditions hold: 1) the provided buffer lengt...

6.9CVSS7AI score0.00055EPSS