@openzeppelin/contracts-upgradeable vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the @openzeppelin/contracts-upgradeable package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Out-of-bounds Read	>=4.5.0 <4.9.6>=5.0.0-rc.0 <5.0.2
M Always-Incorrect Control Flow Implementation	>=4.9.4 <4.9.5
M Improper Encoding or Escaping of Output	>=4.0.0 <4.9.3
M Improper Input Validation	>=4.7.0 <4.9.2
L Missing Authorization	>=4.3.0 <4.9.1
L Denial of Service (DoS)	>=3.2.0 <4.8.3
M Improper Input Validation	>=4.3.0 <4.8.3
M Incorrect Calculation	>=4.8.0 <4.8.2
M Incorrect Calculation	>=4.8.0 <4.8.2
H Improper Verification of Cryptographic Signature	<4.7.3
M Denial of Service (DoS)	>=3.2.0 <4.7.2
L Incorrect Resource Transfer Between Spheres	>=4.6.0 <4.7.2
H Incorrect Calculation	>=4.3.0 <4.7.2
H Information Exposure	>=4.1.0 <4.7.1
H Information Exposure	>=4.0.0 <4.7.1
M Function Call With Incorrect Argument	>=4.3.0 <4.4.2
H Deserialization of Untrusted Data	>=3.2.0 <4.4.1
H Deserialization of Untrusted Data	>=3.2.0 <4.4.1
M Numeric Errors	>=4.2.0 <4.3.3
C Improper Initialization	>=4.1.0 <4.3.2
H Improper Input Validation	>=4.1.0 <4.3.2
C Privilege Escalation	>=4.0.0-beta.0 <4.3.1<3.4.2

Vulnerability

Vulnerable Version

Out-of-bounds Read

>=4.5.0 <4.9.6>=5.0.0-rc.0 <5.0.2

Always-Incorrect Control Flow Implementation

>=4.9.4 <4.9.5

Improper Encoding or Escaping of Output

>=4.0.0 <4.9.3

Improper Input Validation

>=4.7.0 <4.9.2

Missing Authorization

>=4.3.0 <4.9.1

Denial of Service (DoS)

>=3.2.0 <4.8.3

Improper Input Validation

>=4.3.0 <4.8.3

Incorrect Calculation

>=4.8.0 <4.8.2

Incorrect Calculation

>=4.8.0 <4.8.2

Improper Verification of Cryptographic Signature

<4.7.3

Denial of Service (DoS)

>=3.2.0 <4.7.2

Incorrect Resource Transfer Between Spheres

>=4.6.0 <4.7.2

Incorrect Calculation

>=4.3.0 <4.7.2

Information Exposure

>=4.1.0 <4.7.1

Information Exposure

>=4.0.0 <4.7.1

Function Call With Incorrect Argument

>=4.3.0 <4.4.2

Deserialization of Untrusted Data

>=3.2.0 <4.4.1

Deserialization of Untrusted Data

>=3.2.0 <4.4.1

Numeric Errors

>=4.2.0 <4.3.3

Improper Initialization

>=4.1.0 <4.3.2

Improper Input Validation

>=4.1.0 <4.3.2

Privilege Escalation

>=4.0.0-beta.0 <4.3.1<3.4.2

Package versions

1 - 65 of 65 Results

version	published	direct vulnerabilities
5.2.0-rc.1	16 Dec, 2024	0 C 0 H 0 M 0 L
5.2.0-rc.0	5 Dec, 2024	0 C 0 H 0 M 0 L
5.1.0	17 Oct, 2024	0 C 0 H 0 M 0 L
5.1.0-rc.0	3 Oct, 2024	0 C 0 H 0 M 0 L
5.0.2	29 Feb, 2024	0 C 0 H 0 M 0 L
5.0.1	7 Dec, 2023	0 C 0 H 1 M 0 L
5.0.0	5 Oct, 2023	0 C 0 H 1 M 0 L
5.0.0-rc.2	2 Oct, 2023	0 C 0 H 1 M 0 L
5.0.0-rc.1	29 Sep, 2023	0 C 0 H 1 M 0 L
5.0.0-rc.0	19 Sep, 2023	0 C 0 H 1 M 0 L
4.9.6	29 Feb, 2024	0 C 0 H 0 M 0 L
4.9.5	8 Dec, 2023	0 C 0 H 1 M 0 L
4.9.4	8 Dec, 2023	0 C 0 H 2 M 0 L
4.9.3	28 Jul, 2023	0 C 0 H 1 M 0 L
4.9.2	16 Jun, 2023	0 C 0 H 2 M 0 L
4.9.1	7 Jun, 2023	0 C 0 H 3 M 0 L
4.9.0	23 May, 2023	0 C 0 H 3 M 1 L
4.9.0-rc.1	17 May, 2023	0 C 0 H 3 M 1 L
4.9.0-rc.0	9 May, 2023	0 C 0 H 3 M 1 L
4.8.3	13 Apr, 2023	0 C 0 H 3 M 1 L
4.8.2	2 Mar, 2023	0 C 0 H 4 M 2 L
4.8.1	13 Jan, 2023	0 C 0 H 6 M 2 L
4.8.0	8 Nov, 2022	0 C 0 H 6 M 2 L
4.8.0-rc.2	25 Oct, 2022	0 C 0 H 4 M 2 L
4.8.0-rc.1	24 Sep, 2022	0 C 0 H 4 M 2 L
4.8.0-rc.0	13 Sep, 2022	0 C 0 H 4 M 2 L
4.7.3	10 Aug, 2022	0 C 0 H 4 M 2 L
4.7.2	27 Jul, 2022	0 C 1 H 4 M 2 L
4.7.1	20 Jul, 2022	0 C 2 H 5 M 3 L
4.7.0	30 Jun, 2022	0 C 4 H 5 M 3 L
4.7.0-rc.0	10 Jun, 2022	0 C 4 H 4 M 3 L
4.6.0	2 May, 2022	0 C 4 H 4 M 3 L
4.6.0-rc.0	1 Apr, 2022	0 C 4 H 4 M 2 L
4.5.2	2 Mar, 2022	0 C 4 H 4 M 2 L
4.5.1	11 Feb, 2022	0 C 4 H 4 M 2 L
4.5.0	9 Feb, 2022	0 C 4 H 4 M 2 L
4.5.0-rc.0	13 Jan, 2022	0 C 4 H 3 M 2 L
4.4.2	11 Jan, 2022	0 C 4 H 3 M 2 L
4.4.1	14 Dec, 2021	0 C 4 H 4 M 2 L
4.4.0	25 Nov, 2021	0 C 6 H 4 M 2 L
4.4.0-rc.1	16 Nov, 2021	0 C 6 H 4 M 2 L
4.3.3	12 Nov, 2021	0 C 6 H 4 M 2 L
4.3.2	14 Sep, 2021	0 C 6 H 5 M 2 L
4.3.1	26 Aug, 2021	1 C 7 H 5 M 2 L
4.3.0	17 Aug, 2021	2 C 7 H 5 M 2 L
4.3.0-rc.0	11 Aug, 2021	2 C 6 H 3 M 1 L
4.2.0	7 Jul, 2021	2 C 6 H 3 M 1 L
4.1.0	29 Apr, 2021	2 C 6 H 2 M 1 L
4.1.0-rc.0	26 Apr, 2021	1 C 4 H 2 M 1 L
4.0.0	23 Mar, 2021	1 C 4 H 2 M 1 L
4.0.0-rc.0	12 Mar, 2021	1 C 3 H 1 M 1 L
4.0.0-beta.0	24 Feb, 2021	1 C 3 H 1 M 1 L
3.4.2	26 Aug, 2021	0 C 3 H 1 M 1 L
3.4.2-solc-0.7	26 Aug, 2021	1 C 3 H 1 M 1 L
3.4.1	3 Mar, 2021	1 C 3 H 1 M 1 L
3.4.1-solc-0.7-2	4 Mar, 2021	1 C 3 H 1 M 1 L
3.4.1-solc-0.7	3 Mar, 2021	1 C 3 H 1 M 1 L
3.4.0	2 Feb, 2021	1 C 3 H 1 M 1 L
3.4.0-solc-0.7-2	2 Feb, 2021	1 C 3 H 1 M 1 L
3.4.0-solc-0.7	2 Feb, 2021	1 C 3 H 1 M 1 L
3.4.0-rc.0	2 Feb, 2021	1 C 3 H 1 M 1 L
3.3.0	27 Nov, 2020	1 C 3 H 1 M 1 L
3.3.0-solc-0.7	27 Nov, 2020	1 C 3 H 1 M 1 L
3.2.2-solc-0.7	16 Nov, 2020	1 C 3 H 1 M 1 L
3.2.0	12 Nov, 2020	1 C 3 H 1 M 1 L

@openzeppelin/contracts-upgradeable vulnerabilities

Secure Smart Contract library for Solidity

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

How to fix?

Package versions