Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/%40openzeppelin/contracts-upgradeable@3.3.0
Typenpm
Namespace@openzeppelin
Namecontracts-upgradeable
Version3.3.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.9.6
Latest_non_vulnerable_version5.4.0
Affected_by_vulnerabilities
0
url VCID-khsw-qwwk-cbhe
vulnerability_id VCID-khsw-qwwk-cbhe
summary 
OpenZeppelin Contracts ERC165Checker unbounded gas consumption
### Impact

The target contract of an EIP-165 `supportsInterface` query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost.

### Patches

The issue has been fixed in v4.7.2.

### References

https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3587

### For more information

If you have any questions or comments about this advisory, or need assistance deploying a fix, email us at [security@openzeppelin.com](mailto:security@openzeppelin.com).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-35915
reference_id
reference_type
scores
0
value 0.00305
scoring_system epss
scoring_elements 0.54006
published_at 2026-06-04T12:55:00Z
1
value 0.00305
scoring_system epss
scoring_elements 0.54059
published_at 2026-06-07T12:55:00Z
2
value 0.00305
scoring_system epss
scoring_elements 0.5407
published_at 2026-06-06T12:55:00Z
3
value 0.00305
scoring_system epss
scoring_elements 0.54062
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-35915
1
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts
2
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3587
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:38Z/
url https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3587
3
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.7.2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.7.2
4
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-7grf-83vw-6f5x
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:38Z/
url https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-7grf-83vw-6f5x
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-35915
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-35915
6
reference_url https://github.com/advisories/GHSA-7grf-83vw-6f5x
reference_id GHSA-7grf-83vw-6f5x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7grf-83vw-6f5x
fixed_packages
0
url pkg:npm/%40openzeppelin/contracts-upgradeable@4.7.2
purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hqyw-2vt2-tfcn
1
vulnerability VCID-mshr-yc9h-jufk
2
vulnerability VCID-n62w-34wv-rbdn
3
vulnerability VCID-nz22-6jy1-x3bv
4
vulnerability VCID-r1tt-p7t8-ufgh
5
vulnerability VCID-rgdr-jxdc-hucn
6
vulnerability VCID-wvaj-hpg7-jbag
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.7.2
aliases CVE-2022-35915, GHSA-7grf-83vw-6f5x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-khsw-qwwk-cbhe
1
url VCID-nkwc-fgjc-kqbt
vulnerability_id VCID-nkwc-fgjc-kqbt
summary 
Improper Privilege Management
OpenZepplin is a library for smart contract development. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team's control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39168
reference_id
reference_type
scores
0
value 0.00443
scoring_system epss
scoring_elements 0.6364
published_at 2026-06-04T12:55:00Z
1
value 0.00443
scoring_system epss
scoring_elements 0.63681
published_at 2026-06-07T12:55:00Z
2
value 0.00443
scoring_system epss
scoring_elements 0.63689
published_at 2026-06-06T12:55:00Z
3
value 0.00443
scoring_system epss
scoring_elements 0.63682
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39168
1
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md#431
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md#431
2
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/commit/cec4f2ef57495d8b1742d62846da212515d99dd5
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts/commit/cec4f2ef57495d8b1742d62846da212515d99dd5
3
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeabl
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeabl
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39168
reference_id CVE-2021-39168
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39168
5
reference_url https://github.com/advisories/GHSA-vrw4-w73r-6mm8
reference_id GHSA-vrw4-w73r-6mm8
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vrw4-w73r-6mm8
6
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/security/advisories/GHSA-vrw4-w73r-6mm8
reference_id GHSA-vrw4-w73r-6mm8
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/security/advisories/GHSA-vrw4-w73r-6mm8
fixed_packages
0
url pkg:npm/%40openzeppelin/contracts-upgradeable@3.4.2
purl pkg:npm/%40openzeppelin/contracts-upgradeable@3.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-khsw-qwwk-cbhe
1
vulnerability VCID-nz22-6jy1-x3bv
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@3.4.2
1
url pkg:npm/%40openzeppelin/contracts-upgradeable@4.3.1
purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9pnw-9buy-5kab
1
vulnerability VCID-a5j2-t27s-afgq
2
vulnerability VCID-dd7x-jkkf-gygv
3
vulnerability VCID-e2yb-zuf8-6qbk
4
vulnerability VCID-hqyw-2vt2-tfcn
5
vulnerability VCID-khsw-qwwk-cbhe
6
vulnerability VCID-mshr-yc9h-jufk
7
vulnerability VCID-n62w-34wv-rbdn
8
vulnerability VCID-nz22-6jy1-x3bv
9
vulnerability VCID-pah6-6268-63ap
10
vulnerability VCID-qt6w-nqmu-57by
11
vulnerability VCID-r1tt-p7t8-ufgh
12
vulnerability VCID-u3xc-5csn-r3cn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.3.1
aliases CVE-2021-39168, GHSA-vrw4-w73r-6mm8
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nkwc-fgjc-kqbt
2
url VCID-nz22-6jy1-x3bv
vulnerability_id VCID-nz22-6jy1-x3bv
summary 
Interpretation Conflict
OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding, the proxy could revert while attempting to decode the arguments from calldata. The probability of an accidental clash is negligible, but one could be caused deliberately and could cause a reduction in availability. The issue has been fixed in version 4.8.3. As a workaround if a function appears to be inaccessible for this reason, it may be possible to craft the calldata such that ABI decoding does not fail at the proxy and the function is properly proxied through.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30541
reference_id
reference_type
scores
0
value 0.00452
scoring_system epss
scoring_elements 0.64078
published_at 2026-06-07T12:55:00Z
1
value 0.00452
scoring_system epss
scoring_elements 0.64088
published_at 2026-06-06T12:55:00Z
2
value 0.00452
scoring_system epss
scoring_elements 0.6408
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30541
1
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts
2
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4154
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T20:31:10Z/
url https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4154
3
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.8.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T20:31:10Z/
url https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.8.3
4
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/58fa0f81c4036f1a3b616fdffad2fd27e5d5ce21
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/58fa0f81c4036f1a3b616fdffad2fd27e5d5ce21
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30541
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30541
6
reference_url https://github.com/advisories/GHSA-mx2q-35m2-x2rh
reference_id GHSA-mx2q-35m2-x2rh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mx2q-35m2-x2rh
7
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-mx2q-35m2-x2rh
reference_id GHSA-mx2q-35m2-x2rh
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T20:31:10Z/
url https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-mx2q-35m2-x2rh
fixed_packages
0
url pkg:npm/%40openzeppelin/contracts-upgradeable@4.8.3
purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mshr-yc9h-jufk
1
vulnerability VCID-n62w-34wv-rbdn
2
vulnerability VCID-rgdr-jxdc-hucn
3
vulnerability VCID-wvaj-hpg7-jbag
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.8.3
aliases CVE-2023-30541, GHSA-mx2q-35m2-x2rh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nz22-6jy1-x3bv
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@3.3.0