82 Total advisories
82 Vulnerabilities
0 Malware

Vulnerabilities

MEDIUM 5.3
PyPI

CVE-2024-32481

vyper's range(start, start + N) reverts for negative numbers

HIGH 7.5
PyPI

CVE-2025-21607

CVE-2025-21607

MEDIUM 5.3
PyPI

CVE-2024-32649

CVE-2024-32649

MEDIUM 5.3
PyPI

CVE-2024-32649

vyper performs multiple eval of `sqrt()` argument built in

MEDIUM 5.3
PyPI

CVE-2024-26149

CVE-2024-26149

UNKNOWN
PyPI

CVE-2025-21607

Vyper Does Not Check the Success of Certain Precompile Calls

MEDIUM 5.3
PyPI

CVE-2024-32646

vyper performs double eval of the slice start/length args in certain cases

MEDIUM 5.3
PyPI

CVE-2024-32645

CVE-2024-32645

MEDIUM 5.3
PyPI

CVE-2024-32647

vyper performs double eval of raw_args in create_from_blueprint

MEDIUM 5.3
PyPI

CVE-2024-32648

vyper default functions don't respect nonreentrancy keys

MEDIUM 5.3
PyPI

CVE-2024-32647

CVE-2024-32647

MEDIUM 5.3
PyPI

CVE-2024-32646

CVE-2024-32646

MEDIUM 5.3
PyPI

CVE-2024-32645

vyper performs incorrect topic logging in raw_log

MEDIUM 5.3
PyPI

CVE-2024-32648

CVE-2024-32648

MEDIUM 5.3
PyPI

CVE-2024-32481

CVE-2024-32481

MEDIUM 5.3
PyPI

CVE-2024-24564

CVE-2024-24564

LOW 3.7
PyPI

CVE-2024-24564

Vyper's `extract32` can read dirty memory

LOW 3.7
PyPI

CVE-2024-26149

Vyper's `_abi_decode` vulnerable to Memory Overflow

HIGH 7.5
PyPI

CVE-2021-41121

Memory corruption when returning a literal struct with a private call inside of it

MEDIUM 4.3
PyPI

CVE-2021-41122

missing clamps for decimal args in external functions

LOW 3.7
PyPI

CVE-2023-32675

Vyper's nonpayable default functions are sometimes payable

UNKNOWN
PyPI

CVE-2023-32675

CVE-2023-32675

MEDIUM 5.9
PyPI

CVE-2023-39363

CVE-2023-39363

MEDIUM 5.3
PyPI

CVE-2023-40015

Vyper: reversed order of side effects for some operations

UNKNOWN
PyPI

CVE-2025-47774

Vyper's `slice()` may elide side-effects when output length is 0

UNKNOWN
PyPI

CVE-2025-47285

Vyper's `concat()` builtin may elide side-effects for zero-length arguments

UNKNOWN
PyPI

CVE-2025-26622

Vyper's sqrt doesn't define rounding behavior

UNKNOWN
PyPI

CVE-2025-27104

Vyper has a double eval in For List Iter

UNKNOWN
PyPI

CVE-2025-27105

AugAssign evaluation order causing OOB write within the object in Vyper

UNKNOWN
PyPI

CVE-2025-26622

CVE-2025-26622

UNKNOWN
PyPI

CVE-2025-27105

CVE-2025-27105

UNKNOWN
PyPI

CVE-2025-27104

CVE-2025-27104

HIGH 7.5
PyPI

CVE-2022-24787

Incorrect Comparison in Vyper

UNKNOWN
PyPI

GHSA-375m-5fvv-xq23

VVE-2021-0002: Incorrect `returndatasize` when using simple forwarder proxies deployed prior to EIP-1167 adoption

UNKNOWN
PyPI

GHSA-22wc-c9wj-6q2v

VVE-2021-0001: Memory corruption using function calls within arrays

UNKNOWN
PyPI

GHSA-7f92-rr6w-cq64

Storage corruption due to variables overwritten by re-entrancy locks

UNKNOWN
PyPI

GHSA-mr6r-mvw4-736g

Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used

LOW 3.7
PyPI

CVE-2024-24559

Vyper sha3 codegen bug

CRITICAL 9.8
PyPI

CVE-2024-24563

Vyper negative array index bounds checks

MEDIUM 4.8
PyPI

CVE-2024-24567

Vyper's raw_call `value=` kwargs not disabled for static and delegate calls

LOW 3.7
PyPI

CVE-2024-24560

Vyper's external calls can overflow return data to return input buffer

CRITICAL 9.8
PyPI

CVE-2024-24561

Vyper's bounds check on built-in `slice()` function can be overflowed

HIGH 7.5
PyPI

CVE-2023-46247

incorrect storage layout for contracts containing large arrays

MEDIUM 5.3
PyPI

CVE-2023-42441

Vyper has incorrect re-entrancy lock when key is empty string

HIGH 8.1
PyPI

CVE-2023-42443

Vyper vulnerable to memory corruption in certain builtins utilizing `msize`

HIGH 8.1
PyPI

CVE-2023-42443

CVE-2023-42443

HIGH 7.5
PyPI

CVE-2023-46247

CVE-2023-46247

MEDIUM 5.3
PyPI

CVE-2023-42441

CVE-2023-42441

CRITICAL 9.8
PyPI

CVE-2024-24563

CVE-2024-24563

MEDIUM 5.3
PyPI

CVE-2024-24567

CVE-2024-24567

MEDIUM 5.3
PyPI

CVE-2024-24560

CVE-2024-24560

MEDIUM 5.3
PyPI

CVE-2024-24559

CVE-2024-24559

CRITICAL 9.8
PyPI

CVE-2024-24561

CVE-2024-24561

MEDIUM 5.3
PyPI

CVE-2023-42460

Vyper's `_abi_decode` input not validated in complex expressions

MEDIUM 5.3
PyPI

CVE-2023-41052

incorrect order of evaluation of side effects for some builtins

MEDIUM 5.3
PyPI

CVE-2023-37902

ecrecover can return undefined data if signature does not verify

HIGH 7.5
PyPI

CVE-2023-32058

Vyper vulnerable to integer overflow in loop

HIGH 7.5
PyPI

CVE-2023-31146

Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment

HIGH 7.5
PyPI

CVE-2023-30837

vyper vulnerable to storage allocator overflow

HIGH 7.5
PyPI

CVE-2023-30629

Incorrect success value returned in vyper

HIGH 7.5
PyPI

CVE-2023-32059

Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls

HIGH 7.1
PyPI

CVE-2022-24788

Buffer Overflow in vyper

HIGH 7.5
PyPI

CVE-2022-29255

Multiple evaluation of contract address in call in vyper

HIGH 8.7
PyPI

CVE-2023-39363

Vyper has incorrectly allocated named re-entrancy locks

HIGH 7.3
PyPI

CVE-2024-22419

concat built-in can corrupt memory in vyper

CRITICAL 9.8
PyPI

CVE-2024-22419

CVE-2024-22419

HIGH 7.5
PyPI

CVE-2023-42460

CVE-2023-42460

MEDIUM 5.3
PyPI

CVE-2023-41052

CVE-2023-41052

MEDIUM 5.3
PyPI

CVE-2023-40015

CVE-2023-40015

MEDIUM 5.3
PyPI

CVE-2023-37902

CVE-2023-37902

UNKNOWN
PyPI

CVE-2023-32059

CVE-2023-32059

UNKNOWN
PyPI

CVE-2023-32058

CVE-2023-32058

UNKNOWN
PyPI

CVE-2023-31146

CVE-2023-31146

UNKNOWN
PyPI

CVE-2023-30837

CVE-2023-30837

HIGH 7.5
PyPI

CVE-2023-30629

CVE-2023-30629

HIGH 7.5
PyPI

CVE-2022-29255

CVE-2022-29255

UNKNOWN
PyPI

CVE-2022-24845

CVE-2022-24845

HIGH 8.8
PyPI

CVE-2022-24845

Integer bounds error in Vyper

UNKNOWN
PyPI

CVE-2022-24788

CVE-2022-24788

UNKNOWN
PyPI

CVE-2022-24787

CVE-2022-24787

UNKNOWN
PyPI

CVE-2021-41122

CVE-2021-41122

UNKNOWN
PyPI

CVE-2021-41121

CVE-2021-41121
