Vyperlang Vyper

40 CVEs affecting Vyperlang Vyper. Latest disclosed: 2025-05-15. Critical: 2, High: 13.

Top CVEs affecting Vyperlang Vyper
CVESeverityScorePublishedSummary
CVE-2024-24563Critical9.82024-02-07Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned inte…
CVE-2024-24561Critical9.82024-02-01Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for…
CVE-2022-24845High8.82022-04-13Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of `<iface>.returns_int128()` is not validated t…
CVE-2022-29255High8.22022-06-06Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions prior to 0.3.4 when a calling an external contract with no return val…
CVE-2023-42443High8.12023-09-18Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.9 and prior, under certain conditions, the memory used by th…
CVE-2023-46247High7.52023-12-13Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots t…
CVE-2023-32059High7.52023-05-11Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorr…
CVE-2023-32058High7.52023-05-11Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assi…
CVE-2023-31146High7.52023-05-11Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written…
CVE-2023-30837High7.52023-05-08Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attac…
CVE-2023-30629High7.52023-04-24Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode…
CVE-2022-24787High7.52022-04-04Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting i…
CVE-2021-41121High7.52021-10-06Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corrup…
CVE-2024-22419High7.32024-01-18Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The `concat` built-in can write over the bounds of the memory buffer that was all…
CVE-2022-24788High7.12022-04-13Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importin…
CVE-2024-32649Medium5.32024-04-25Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `sqrt` builtin can result in double eval…
CVE-2024-32648Medium5.32024-04-25Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Prior to version 0.3.0, default functions don't respect nonreentrancy keys and th…
CVE-2024-32647Medium5.32024-04-25Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `create_from_blueprint` builtin can resul…
CVE-2024-32646Medium5.32024-04-25Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `slice` builtin can result in a double ev…
CVE-2024-32645Medium5.32024-04-25Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when `raw_log` built…