vyper — Vulnerabilities & Security Advisories 40

All 40 CVE vulnerabilities found in vyper, with AI-generated Chinese analysis, references, and POCs.

This page documents Common Weakness Enumerations associated with the Vyper smart contract language. It aggregates security issues specifically affecting contracts written in Vyper, distinguishing them from those in other Solidity-based languages. The collection includes vulnerabilities identified through independent security audits, bug bounty program disclosures, and post-deployment exploit analysis. The time range covered spans from the initial release of Vyper 0.1.0 in late 2018 through to recent patches issued in 2024, ensuring comprehensive coverage of the language’s historical security landscape.

Here, you can discover detailed insights into how specific coding patterns in Vyper have led to critical security flaws over time. By reviewing this aggregation, you can track a vendor’s or core team’s advisories regarding language-level vulnerabilities and understand the evolving nature of weakness classes within the Ethereum Virtual Machine ecosystem. Researchers and developers can look up a product’s vulnerability history to identify recurring issues such as improper input validation, reentrancy risks specific to Vyper’s execution model, or compiler bugs that miscompile certain code structures.

This resource serves as a centralized reference for understanding the security posture of Vyper-based applications, enabling better risk assessment and more robust code review practices. It does not endorse any specific project but rather provides a factual record of reported weaknesses to aid in the development of safer decentralized finance and non-fungible token infrastructure.

Vendor: vyperlang

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-47774 | Vyper's `slice()` may elide side-effects when output length is 0 | CWE-691 | 9.1 (AI) | Critical (AI) | 2025-05-15 |
| CVE-2025-47285 | Vyper's `concat()` builtin may elide side-effects for zero-length arguments | CWE-691 | 8.2 (AI) | High (AI) | 2025-05-15 |
| CVE-2025-26622 | sqrt doesn't define rounding behavior in Vyper | CWE-682 | - | - | 2025-02-21 |
| CVE-2025-27104 | double eval in For List Iter in Vyper | CWE-662 | 8.8 | - | 2025-02-21 |
| CVE-2025-27105 | AugAssign evaluation order causing OOB write within the object in Vyper | CWE-787 | 6.5 | - | 2025-02-21 |
| CVE-2025-21607 | Success of Certain Precompile Calls not Checked in Vyper | CWE-670 | 7.1 | - | 2025-01-14 |
| CVE-2024-32649 | vyper performs double eval of the argument of sqrt | CWE-95 | 5.3 | Medium | 2024-04-25 |
| CVE-2024-32648 | vyper default functions don't respect nonreentrancy keys | CWE-667 | 5.3 | Medium | 2024-04-25 |
| CVE-2024-32647 | vyper performs double eval of raw_args in create_from_blueprint | CWE-95 | 5.3 | Medium | 2024-04-25 |
| CVE-2024-32646 | vyper performs double eval of the slice args when buffer from adhoc locations | CWE-20 | 5.3 | Medium | 2024-04-25 |
| CVE-2024-32645 | vyper performs incorrect topic logging in raw_log | CWE-20 | 5.3 | Medium | 2024-04-25 |
| CVE-2024-32481 | vyper's range(start, start + N) reverts for negative numbers | CWE-681 | 5.3 | Medium | 2024-04-25 |
| CVE-2024-24564 | Vyper extract32 can ready dirty memory | CWE-125 | 3.7 | Low | 2024-02-26 |
| CVE-2024-26149 | Vyper _abi_decode Memory Overflow | CWE-119 | 3.7 | Low | 2024-02-26 |
| CVE-2024-24563 | Vyper array negative index vulnerability | CWE-129 | 9.8 | Critical | 2024-02-07 |
| CVE-2024-24559 | Vyper SHA3 code generation bug | CWE-327 | 3.7 | Low | 2024-02-05 |
| CVE-2024-24560 | Vyper external calls can overflow return data to return input buffer | CWE-119 | 3.7 | Low | 2024-02-02 |
| CVE-2024-24561 | Vyper bounds check on built-in `slice()` function can be overflowed | CWE-119 | 9.8 | Critical | 2024-02-01 |
| CVE-2024-24567 | raw_call `value=` kwargs not disabled for static and delegate calls | CWE-754 | 4.8 | Medium | 2024-01-30 |
| CVE-2024-22419 | concat built-in can corrupt memory in vyper | CWE-120 | 7.3 | High | 2024-01-18 |
| CVE-2023-46247 | Vyper has incorrect storage layout for contracts containing large arrays | CWE-193 | 7.5 | High | 2023-12-13 |
| CVE-2023-42460 | _abi_decode input not validated in complex expressions in Vyper | CWE-682 | 5.3 | Medium | 2023-09-26 |
| CVE-2023-42443 | Vyper vulnerable to memory corruption in certain builtins utilizing `msize` | CWE-787 | 8.1 | High | 2023-09-18 |
| CVE-2023-42441 | Vyper has incorrect re-entrancy lock when key is empty string | CWE-833 | 5.3 | Medium | 2023-09-18 |
| CVE-2023-40015 | Vyper: reversed order of side effects for some operations | CWE-670 | 3.7 | Low | 2023-09-04 |
| CVE-2023-41052 | Vyper: incorrect order of evaluation of side effects for some builtins | CWE-670 | 3.7 | Low | 2023-09-04 |
| CVE-2023-39363 | Vyper incorrectly allocated named re-entrancy locks | CWE-863 | 9.1 | - | 2023-08-07 |
| CVE-2023-37902 | Vyper's ecrecover can return undefined data if signature does not verify | CWE-252 | 5.3 | Medium | 2023-07-25 |
| CVE-2023-32675 | Nonpayable default functions are sometimes payable in vyper | CWE-670 | 3.7 | Low | 2023-05-19 |
| CVE-2023-32059 | Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls | CWE-683 | 7.5 | High | 2023-05-11 |

All 40 known CVE vulnerabilities affecting vyper with full Chinese analysis, references, and POCs where available.