Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40openzeppelin/contracts@2.5.0

Type npm

Namespace @openzeppelin

Name contracts

Version 2.5.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.9.6

Latest_non_vulnerable_version 5.4.0

Affected_by_vulnerabilities

url VCID-khsw-qwwk-cbhe

vulnerability_id VCID-khsw-qwwk-cbhe

summary

OpenZeppelin Contracts ERC165Checker unbounded gas consumption
### Impact

The target contract of an EIP-165 `supportsInterface` query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost.

### Patches

The issue has been fixed in v4.7.2.

### References

https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3587

### For more information

If you have any questions or comments about this advisory, or need assistance deploying a fix, email us at [security@openzeppelin.com](mailto:security@openzeppelin.com).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-35915

reference_id

reference_type

scores

value	0.00305
scoring_system	epss
scoring_elements	0.54059
published_at	2026-06-07T12:55:00Z

value	0.00305
scoring_system	epss
scoring_elements	0.5407
published_at	2026-06-06T12:55:00Z

value	0.00305
scoring_system	epss
scoring_elements	0.54062
published_at	2026-06-05T12:55:00Z

value	0.00305
scoring_system	epss
scoring_elements	0.54036
published_at	2026-06-08T12:55:00Z

value	0.00305
scoring_system	epss
scoring_elements	0.54006
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-35915

reference_url

https://github.com/OpenZeppelin/openzeppelin-contracts

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/OpenZeppelin/openzeppelin-contracts

reference_url

https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3587

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:38Z/

url

https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3587

reference_url

https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.7.2

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.7.2

reference_url

https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-7grf-83vw-6f5x

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:38Z/

url

https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-7grf-83vw-6f5x

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-35915

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-35915

reference_url

https://github.com/advisories/GHSA-7grf-83vw-6f5x

reference_id

GHSA-7grf-83vw-6f5x

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7grf-83vw-6f5x

fixed_packages

url pkg:npm/%40openzeppelin/contracts@4.7.2

purl pkg:npm/%40openzeppelin/contracts@4.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-rgdr-jxdc-hucn

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.7.2

aliases CVE-2022-35915, GHSA-7grf-83vw-6f5x

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-khsw-qwwk-cbhe

url VCID-rcz7-hu9d-mfbg

vulnerability_id VCID-rcz7-hu9d-mfbg

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-46151

reference_id

reference_type

scores

value	0.00288
scoring_system	epss
scoring_elements	0.52508
published_at	2026-06-04T12:55:00Z

value	0.00288
scoring_system	epss
scoring_elements	0.52568
published_at	2026-06-05T12:55:00Z

value	0.00288
scoring_system	epss
scoring_elements	0.52576
published_at	2026-06-06T12:55:00Z

value	0.00288
scoring_system	epss
scoring_elements	0.52557
published_at	2026-06-07T12:55:00Z

value	0.00288
scoring_system	epss
scoring_elements	0.52529
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-46151

reference_url	https://github.com/pinterest/querybook/commit/88a7f10495bf5ed1a556ade51a2f2794e403c063
reference_id
reference_type
scores
url	https://github.com/pinterest/querybook/commit/88a7f10495bf5ed1a556ade51a2f2794e403c063

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-46151
reference_id	CVE-2022-46151
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-46151

reference_url	https://github.com/pinterest/querybook/security/advisories/GHSA-mrrw-9wf7-xq6w
reference_id	GHSA-mrrw-9wf7-xq6w
reference_type
scores
url	https://github.com/pinterest/querybook/security/advisories/GHSA-mrrw-9wf7-xq6w

fixed_packages

url pkg:npm/%40openzeppelin/contracts@4.0.0-beta.0

purl pkg:npm/%40openzeppelin/contracts@4.0.0-beta.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jwma-7k4s-5kgx

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-snry-t5m2-c3hn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.0.0-beta.0

url pkg:npm/%40openzeppelin/contracts@4.0.0

purl pkg:npm/%40openzeppelin/contracts@4.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-jwma-7k4s-5kgx

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nkwc-fgjc-kqbt

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-snry-t5m2-c3hn

vulnerability	VCID-xpnm-mbrk-mugy

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.0.0

aliases CVE-2022-46151, GHSA-mrrw-9wf7-xq6w

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rcz7-hu9d-mfbg

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@2.5.0

Package Instance