pkg:PyPI/vyper

78 total CVEs: CRITICAL 4, HIGH 30, MEDIUM 26, LOW 10

All known vulnerabilities

  • CRITICAL (9.8) CVE-2024-24563: Vyper negative array index bounds checks
    from 0, < 0.4.0b1
  • CRITICAL (9.8) CVE-2024-24563: Vyper negative array index bounds checks
    from 0, < 0.4.0
  • CRITICAL (9.8) CVE-2024-24561: Vyper's bounds check on built-in `slice()` function can be overflowed
    from 0, < 0.4.0
  • CRITICAL (9.8) CVE-2024-24561: Vyper's bounds check on built-in `slice()` function can be overflowed
    from 0, < 0.4.0b1
  • HIGH (8.8) CVE-2022-24845: Integer bounds error in Vyper
    from 0, < 049dbdc647b2ce838fae7c188e6bb09cf16e470b | from 0, < 0.3.2
  • HIGH (8.8) CVE-2022-24845: Integer bounds error in Vyper
    from 0, < 0.3.2
  • HIGH (8.7) CVE-2023-39363: Vyper has incorrectly allocated named re-entrancy locks
    >= 0.2.15, < 0.3.1
  • HIGH (8.7) CVE-2023-39363: Vyper has incorrectly allocated named re-entrancy locks
    from 0
  • HIGH (8.1) CVE-2023-42443: Vyper vulnerable to memory corruption in certain builtins utilizing `msize`
    from 0, < 0.3.10
  • HIGH (8.1) CVE-2023-42443: Vyper vulnerable to memory corruption in certain builtins utilizing `msize`
    >= 0.3.4, < 0.3.10
  • HIGH (7.5) CVE-2025-21607: Vyper Does Not Check the Success of Certain Precompile Calls
    from 0
  • HIGH (7.5) CVE-2025-21607: Vyper Does Not Check the Success of Certain Precompile Calls
    from 0, < 0.4.1
  • HIGH (7.5) CVE-2023-46247: incorrect storage layout for contracts containing large arrays
    from 0, < 0bb7203b584e771b23536ba065a6efda457161bb | from 0, < 0.3.8
  • HIGH (7.5) CVE-2023-46247: incorrect storage layout for contracts containing large arrays
    from 0, < 0.3.8
  • HIGH (7.5) CVE-2023-31146: Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment
    from 0, < 0.3.8
  • HIGH (7.5) CVE-2023-31146: Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment
    from 0, < 4f8289a81206f767df1900ac48f485d90fc87edb | from 0, < 0.3.8
  • HIGH (7.5) CVE-2023-32058: Vyper vulnerable to integer overflow in loop
    from 0, < 3de1415ee77a9244eb04bdb695e249d3ec9ed868 | from 0, < 0.3.8
  • HIGH (7.5) CVE-2023-32058: Vyper vulnerable to integer overflow in loop
    from 0, < 0.3.8
  • HIGH (7.5) CVE-2023-32059: Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls
    from 0, < 0.3.8
  • HIGH (7.5) CVE-2023-32059: Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls
    from 0, < c3e68c302aa6e1429946473769dd1232145822ac | from 0, < 0.3.8
  • HIGH (7.5) CVE-2023-30837: vyper vulnerable to storage allocator overflow
    from 0, < 0bb7203b584e771b23536ba065a6efda457161bb | from 0, < 0.3.8
  • HIGH (7.5) CVE-2023-30837: vyper vulnerable to storage allocator overflow
    from 0, < 0.3.8
  • HIGH (7.5) CVE-2023-30629: Incorrect success value returned in vyper
    >= 0.3.1, < 0.3.8
  • HIGH (7.5) CVE-2023-30629: Incorrect success value returned in vyper
    from 0, < 851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae | >= 0.3.1, < 0.3.8
  • HIGH (7.5) CVE-2022-29255: Multiple evaluation of contract address in call in vyper
    from 0, < 0.3.4
  • HIGH (7.5) CVE-2022-29255: Multiple evaluation of contract address in call in vyper
    from 0, < 6b4d8ff185de071252feaa1c319712b2d6577f8d | from 0, < 0.3.4
  • HIGH (7.5) CVE-2022-24787: Incorrect Comparison in Vyper
    from 0, < 0.3.2
  • HIGH (7.5) CVE-2022-24787: Incorrect Comparison in Vyper
    from 0, < 2c73f8352635c0a433423a5b94740de1a118e508 | from 0, < 0.3.2
  • HIGH (7.5) CVE-2021-41121: Memory corruption when returning a literal struct with a private call inside of it
    from 0, < 0.3.0
  • HIGH (7.5) CVE-2021-41121: Memory corruption when returning a literal struct with a private call inside of it
    from 0, < 0.3.0
  • HIGH (7.3) CVE-2024-22419: concat built-in can corrupt memory in vyper
    from 0, < 55e18f6d128b2da8986adbbcccf1cd59a4b9ad6f | from 0, < 0.4.0b1
  • HIGH (7.3) CVE-2024-22419: concat built-in can corrupt memory in vyper
    >= 0.3.0, < 0.4.0
  • HIGH (7.1) CVE-2022-24788: Buffer Overflow in vyper
    from 0, < 049dbdc647b2ce838fae7c188e6bb09cf16e470b | from 0, < 0.3.2
  • HIGH (7.1) CVE-2022-24788: Buffer Overflow in vyper
    from 0, < 0.3.2
  • MEDIUM (5.3) CVE-2024-32481: vyper's range(start, start + N) reverts for negative numbers
    >= 0.3.8, < 0.4.0
  • MEDIUM (5.3) CVE-2024-32481: vyper's range(start, start + N) reverts for negative numbers
    >= 0.3.8, < 0.4.0b1
  • MEDIUM (5.3) CVE-2024-32645: vyper performs incorrect topic logging in raw_log
    from 0, < 0.4.0
  • MEDIUM (5.3) CVE-2024-32645: vyper performs incorrect topic logging in raw_log
    from 0, < 0.4.0
  • MEDIUM (5.3) CVE-2024-32646: vyper performs double eval of the slice start/length args in certain cases
    from 0, < 0.4.0
  • MEDIUM (5.3) CVE-2024-32646: vyper performs double eval of the slice start/length args in certain cases
    from 0, < 0.4.0
  • MEDIUM (5.3) CVE-2024-32647: vyper performs double eval of raw_args in create_from_blueprint
    from 0, < 0.4.0
  • MEDIUM (5.3) CVE-2024-32647: vyper performs double eval of raw_args in create_from_blueprint
    from 0, < 0.4.0
  • MEDIUM (5.3) CVE-2024-32648: vyper default functions don't respect nonreentrancy keys
    from 0, < 93287e5ac184b53b395c907d40701f721daf8177, < 93287e5ac184b53b395c907d40701f721daf8177 | from 0, < 0.3.0
  • MEDIUM (5.3) CVE-2024-32648: vyper default functions don't respect nonreentrancy keys
    from 0, < 0.3.0
  • MEDIUM (5.3) CVE-2024-32649: vyper performs multiple eval of `sqrt()` argument built in
    from 0, < 0.4.0
  • MEDIUM (5.3) CVE-2024-32649: vyper performs multiple eval of `sqrt()` argument built in
    from 0, < 0.4.0
  • MEDIUM (5.3) CVE-2023-42460: Vyper's `_abi_decode` input not validated in complex expressions
    >= 0.3.4, < 0.3.10
  • MEDIUM (5.3) CVE-2023-42460: Vyper's `_abi_decode` input not validated in complex expressions
    >= 0.3.4, < 0.3.10
  • MEDIUM (5.3) CVE-2023-42441: Vyper has incorrect re-entrancy lock when key is empty string
    >= 0.2.9, < 0.3.10
  • MEDIUM (5.3) CVE-2023-42441: Vyper has incorrect re-entrancy lock when key is empty string
    from 0, < 0b740280c1e3c5528a20d47b29831948ddcc6d83 | >= 0.2.9, < 0.3.10
  • MEDIUM (5.3) CVE-2023-41052: incorrect order of evaluation of side effects for some builtins
    from 0, < 0.3.10rc1
  • MEDIUM (5.3) CVE-2023-41052: incorrect order of evaluation of side effects for some builtins
    from 0, < 0.3.10rc1
  • MEDIUM (5.3) CVE-2023-40015: Vyper: reversed order of side effects for some operations
    from 0, < 0.3.10rc1
  • MEDIUM (5.3) CVE-2023-40015: Vyper: reversed order of side effects for some operations
    from 0, <= 0.4.2
  • MEDIUM (5.3) CVE-2023-37902: ecrecover can return undefined data if signature does not verify
    from 0, < 019a37ab98ff53f04fecfadf602b6cd5ac748f7f | from 0, < 0.3.9
  • MEDIUM (5.3) CVE-2023-37902: ecrecover can return undefined data if signature does not verify
    from 0, < 0.3.10
  • MEDIUM (4.8) CVE-2024-24567: Vyper's raw_call `value=` kwargs not disabled for static and delegate calls
    from 0, < 0.4.0b1
  • MEDIUM (4.8) CVE-2024-24567: Vyper's raw_call `value=` kwargs not disabled for static and delegate calls
    from 0, < 0.4.0
  • MEDIUM (4.3) CVE-2021-41122: missing clamps for decimal args in external functions
    from 0, < 0.3.0
  • MEDIUM (4.3) CVE-2021-41122: missing clamps for decimal args in external functions
    from 0, < 0.3.0
  • LOW (3.7) CVE-2024-24564: Vyper's `extract32` can read dirty memory
    from 0, < 0.4.0
  • LOW (3.7) CVE-2024-24564: Vyper's `extract32` can read dirty memory
    from 0, < 3d9c537142fb99b2672f21e2057f5f202cde194f | from 0, < 0.4.0
  • LOW (3.7) CVE-2024-26149: Vyper's `_abi_decode` vulnerable to Memory Overflow
    from 0, < 0.4.0
  • LOW (3.7) CVE-2024-26149: Vyper's `_abi_decode` vulnerable to Memory Overflow
    from 0, < 0.4.0b1
  • LOW (3.7) CVE-2024-24559: Vyper sha3 codegen bug
    from 0, < 0.4.0b1
  • LOW (3.7) CVE-2024-24559: Vyper sha3 codegen bug
    from 0, < 0.4.0
  • LOW (3.7) CVE-2024-24560: Vyper's external calls can overflow return data to return input buffer
    from 0, < 0.4.0b1
  • LOW (3.7) CVE-2024-24560: Vyper's external calls can overflow return data to return input buffer
    from 0, < 0.4.0
  • LOW (3.7) CVE-2023-32675: Vyper's nonpayable default functions are sometimes payable
    from 0, < 02339dfda0f3caabad142060d511d10bfe93c520 | from 0, < 0.3.8
  • LOW (3.7) CVE-2023-32675: Vyper's nonpayable default functions are sometimes payable
    from 0, < 0.3.8
  • CVE-2025-47774: Vyper's `slice()` may elide side-effects when output length is 0
    from 0, <= 0.4.2rc1
  • CVE-2025-47285: Vyper's `concat()` builtin may elide side-effects for zero-length arguments
    from 0, <= 0.4.2rc1
  • CVE-2025-27104: Vyper has a double eval in For List Iter
    from 0, < 0.4.1
  • CVE-2025-27104: Vyper has a double eval in For List Iter
    from 0, < 0.4.1
  • CVE-2025-27105: AugAssign evaluation order causing OOB write within the object in Vyper
    from 0, < 0.4.1
  • CVE-2025-27105: AugAssign evaluation order causing OOB write within the object in Vyper
    from 0, < 0.4.1
  • CVE-2025-26622: Vyper's sqrt doesn't define rounding behavior
    from 0, < 0.4.1
  • CVE-2025-26622: Vyper's sqrt doesn't define rounding behavior
    from 0, < 0.4.1