Home/Product/vyperlang vyper
Product

vyperlang vyper

38 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-27105
< 0.4.1
vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location t
9.1CRITICAL
 CVE-2025-27104
< 0.4.1
vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator ta
7.5HIGH
 CVE-2025-26622
< 0.4.1
vyper is a Pythonic Smart Contract Language for the EVM. Vyper sqrt() builtin uses the babylonian method to calculate square roo
7.5HIGH
 CVE-2025-21607
< 0.4.1
Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover (0x1) and Identity
7.5HIGH
 CVE-2024-32649
< 0.4.0
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the sqrt built
5.3MEDIUM
 CVE-2024-32648
< 0.3.0
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Prior to version 0.3.0, default functions don't resp
5.3MEDIUM
 CVE-2024-32647
< 0.4.0
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `create_from
5.3MEDIUM
 CVE-2024-32646
< 0.4.0
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the slice buil
5.3MEDIUM
 CVE-2024-32645
< 0.4.0
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can b
5.3MEDIUM
 CVE-2024-32481
>= 0.3.8 and <= 0.3.10
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0
5.3MEDIUM
 CVE-2024-26149
<= 0.3.10
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the st
3.7LOW
 CVE-2024-24564
< 0.4.0
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in extract32(b, start), if th
3.7LOW
 CVE-2024-24563
<= 0.3.10
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they
9.8CRITICAL
 CVE-2024-24559
<= 0.3.10
Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the IR for `sh
3.7LOW
 CVE-2024-24560
<= 0.3.10
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write
3.7LOW
 CVE-2024-24561
<= 0.3.10
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for
9.8CRITICAL
 CVE-2024-24567
<= 0.3.10
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin raw
4.8MEDIUM
 CVE-2024-22419
<= 0.3.10
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The concat built-in can write over the bounds of t
7.3HIGH
 CVE-2023-46247
< 0.3.8
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might undera
7.5HIGH
 CVE-2023-42460
>= 0.3.4 and < 0.3.10
Vyper is a Pythonic Smart Contract Language for the EVM. The _abi_decode() function does not validate input when it is nested in
5.3MEDIUM
 CVE-2023-42443
< 0.3.10
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.9 and prior, under certain cond
8.1HIGH
 CVE-2023-42441
>= 0.2.9 and < 0.3.10
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version
5.3MEDIUM
 CVE-2023-41052
<= 0.3.9
Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin function
3.7LOW
 CVE-2023-40015
<= 0.3.9
Vyper is a Pythonic Smart Contract Language. For the following (probably non-exhaustive) list of expressions, the compiler evaluat
3.7LOW
 CVE-2023-39363
all versions
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re
5.9MEDIUM
 CVE-2023-37902
< 0.3.9
Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Prior to version 0.3.10, the ecrecover p
5.3MEDIUM
 CVE-2023-32675
< 0.3.8
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable f
3.7LOW
 CVE-2023-32059
< 0.3.8
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default
7.5HIGH
 CVE-2023-32058
< 0.3.8
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow chec
7.5HIGH
 CVE-2023-31146
< 0.3.8
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length w
7.5HIGH
 CVE-2023-30837
< 0.3.8
Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in vers
7.5HIGH
 CVE-2023-30629
>= 0.3.1 and < 0.3.8
Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler
7.5HIGH
 CVE-2022-29255
< 0.3.4
Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions prior to 0.3.4 when a calling an externa
8.2HIGH
 CVE-2022-24845
< 0.3.2
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of `<iface>.returns
8.8HIGH
 CVE-2022-24788
< 0.3.2
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a poten
7.1HIGH
 CVE-2022-24787
<= 0.3.1
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dir
7.5HIGH
 CVE-2021-41121
< 0.3.0
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal str
7.5HIGH
 CVE-2021-41122
< 0.3.0
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bou
4.3MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin