Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

vyper — Vulnerabilities & Security Advisories 40

All 40 CVE vulnerabilities found in vyper, with AI-generated Chinese analysis, references, and POCs.

Vendor: vyperlang

CVE IDTitleCVSSSeverityPublished
CVE-2025-47774 Vyper's `slice()` may elide side-effects when output length is 0 CWE-691 9.1AICriticalAI2025-05-15
CVE-2025-47285 Vyper's `concat()` builtin may elide side-effects for zero-length arguments CWE-691 8.2AIHighAI2025-05-15
CVE-2025-26622 sqrt doesn't define rounding behavior in Vyper CWE-682--2025-02-21
CVE-2025-27104 double eval in For List Iter in Vyper CWE-662 8.8 -2025-02-21
CVE-2025-27105 AugAssign evaluation order causing OOB write within the object in Vyper CWE-787 6.5 -2025-02-21
CVE-2025-21607 Success of Certain Precompile Calls not Checked in Vyper CWE-670 7.1 -2025-01-14
CVE-2024-32649 vyper performs double eval of the argument of sqrt CWE-95 5.3 Medium2024-04-25
CVE-2024-32648 vyper default functions don't respect nonreentrancy keys CWE-667 5.3 Medium2024-04-25
CVE-2024-32647 vyper performs double eval of raw_args in create_from_blueprint CWE-95 5.3 Medium2024-04-25
CVE-2024-32646 vyper performs double eval of the slice args when buffer from adhoc locations CWE-20 5.3 Medium2024-04-25
CVE-2024-32645 vyper performs incorrect topic logging in raw_log CWE-20 5.3 Medium2024-04-25
CVE-2024-32481 vyper's range(start, start + N) reverts for negative numbers CWE-681 5.3 Medium2024-04-25
CVE-2024-24564 Vyper extract32 can ready dirty memory CWE-125 3.7 Low2024-02-26
CVE-2024-26149 Vyper _abi_decode Memory Overflow CWE-119 3.7 Low2024-02-26
CVE-2024-24563 Vyper array negative index vulnerability CWE-129 9.8 Critical2024-02-07
CVE-2024-24559 Vyper SHA3 code generation bug CWE-327 3.7 Low2024-02-05
CVE-2024-24560 Vyper external calls can overflow return data to return input buffer CWE-119 3.7 Low2024-02-02
CVE-2024-24561 Vyper bounds check on built-in `slice()` function can be overflowed CWE-119 9.8 Critical2024-02-01
CVE-2024-24567 raw_call `value=` kwargs not disabled for static and delegate calls CWE-754 4.8 Medium2024-01-30
CVE-2024-22419 concat built-in can corrupt memory in vyper CWE-120 7.3 High2024-01-18
CVE-2023-46247 Vyper has incorrect storage layout for contracts containing large arrays CWE-193 7.5 High2023-12-13
CVE-2023-42460 _abi_decode input not validated in complex expressions in Vyper CWE-682 5.3 Medium2023-09-26
CVE-2023-42443 Vyper vulnerable to memory corruption in certain builtins utilizing `msize` CWE-787 8.1 High2023-09-18
CVE-2023-42441 Vyper has incorrect re-entrancy lock when key is empty string CWE-833 5.3 Medium2023-09-18
CVE-2023-40015 Vyper: reversed order of side effects for some operations CWE-670 3.7 Low2023-09-04
CVE-2023-41052 Vyper: incorrect order of evaluation of side effects for some builtins CWE-670 3.7 Low2023-09-04
CVE-2023-39363 Vyper incorrectly allocated named re-entrancy locks CWE-863 9.1 -2023-08-07
CVE-2023-37902 Vyper's ecrecover can return undefined data if signature does not verify CWE-252 5.3 Medium2023-07-25
CVE-2023-32675 Nonpayable default functions are sometimes payable in vyper CWE-670 3.7 Low2023-05-19
CVE-2023-32059 Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls CWE-683 7.5 High2023-05-11

All 40 known CVE vulnerabilities affecting vyper with full Chinese analysis, references, and POCs where available.