| Severity | Score | CVE | Advisory | Affected versions |
|---|---|---|---|---|
| CRITICAL | 10.0 | CVE-2021-39168 | TimelockController vulnerability in OpenZeppelin Contracts | >= 4.0.0, < 4.3.1 |
| CRITICAL | 9.8 | CVE-2021-41264 | UUPSUpgradeable vulnerability in @openzeppelin/contracts | >= 4.1.0, < 4.3.2 |
| HIGH | 8.8 | CVE-2023-30542 | GovernorCompatibilityBravo may trim proposal calldata | >= 4.3.0, < 4.8.3 |
| HIGH | 7.9 | | OpenZeppelin Contracts vulnerable to ECDSA signature malleability | >= 4.1.0, < 4.7.3 |
| HIGH | 7.5 | | OpenZeppelin Contracts's GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals | >= 4.3.0, < 4.7.2 |
| HIGH | 7.5 | | OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers | >= 4.1.0, < 4.7.1 |
| HIGH | 7.5 | | OpenZeppelin Contracts's ERC165Checker may revert instead of returning false | >= 4.0.0, < 4.7.1 |
| MEDIUM | 6.5 | | OpenZeppelin Contracts base64 encoding may read from potentially dirty memory | >= 5.0.0-rc.0, < 5.0.2 |
| MEDIUM | 6.5 | | OpenZeppelin Contracts contains Incorrect Calculation | >= 4.8.0, < 4.8.2 |
| MEDIUM | 5.9 | | OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4 | >= 4.9.4, < 4.9.5 |
| MEDIUM | 5.6 | | OpenZeppelin Contracts initializer reentrancy may lead to double initialization | >= 3.2.0, < 4.4.1 |
| MEDIUM | 5.3 | | OpenZeppelin Contracts vulnerable to Improper Escaping of Output | >= 4.0.0, < 4.9.3 |
| MEDIUM | 5.3 | | OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees | >= 4.7.0, < 4.9.2 |
| MEDIUM | 5.3 | | OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunning | >= 4.3.0, < 4.9.1 |
| MEDIUM | 5.3 | | OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated | >= 3.2.0, < 4.8.3 |
| MEDIUM | 5.3 | | OpenZeppelin Contracts's Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls | >= 4.6.0, < 4.7.2 |
| MEDIUM | 5.3 | | OpenZeppelin Contracts ERC165Checker unbounded gas consumption | >= 3.2.0, < 4.7.2 |
| NONE | 0.0 | | OpenZeppelin Contracts Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers | >= 5.2.0, < 5.4.0 |