vyperlang — Vulnerabilities & Security Advisories 40

Browse all 40 CVE security advisories affecting vyperlang. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Vyperlang is a statically typed, Pythonic programming language designed for writing smart contracts on the Ethereum blockchain, prioritizing security and simplicity over flexibility. Its primary use case involves creating decentralized applications where code immutability and auditability are critical. Historically, vulnerabilities in Vyperlang implementations have frequently stemmed from logic errors rather than traditional web-based exploits like XSS or RCE, though improper handling of external calls has led to reentrancy issues. The codebase has recorded 40 CVEs, many involving integer overflows or unchecked return values from external contracts. Notable incidents include exploits where attackers manipulated state variables due to insufficient access controls, highlighting the importance of rigorous formal verification. While the language itself aims to mitigate common Solidity pitfalls, implementation flaws in deployed contracts remain the primary vector for security breaches, necessitating strict adherence to best practices in contract development and auditing.

Found 40 results / 40
Top products by vyperlang: vyper
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-47774 | Vyper's `slice()` may elide side-effects when output length is 0 | vyper | CWE-691 | 9.1 (AI) | Critical (AI) | 2025-05-15 |
| CVE-2025-47285 | Vyper's `concat()` builtin may elide side-effects for zero-length arguments | vyper | CWE-691 | 8.2 (AI) | High (AI) | 2025-05-15 |
| CVE-2025-26622 | sqrt doesn't define rounding behavior in Vyper | vyper | CWE-682 | - | - | 2025-02-21 |
| CVE-2025-27104 | double eval in For List Iter in Vyper | vyper | CWE-662 | 8.8 | - | 2025-02-21 |
| CVE-2025-27105 | AugAssign evaluation order causing OOB write within the object in Vyper | vyper | CWE-787 | 6.5 | - | 2025-02-21 |
| CVE-2025-21607 | Success of Certain Precompile Calls not Checked in Vyper | vyper | CWE-670 | 7.1 | - | 2025-01-14 |
| CVE-2024-32649 | vyper performs double eval of the argument of sqrt | vyper | CWE-95 | 5.3 | Medium | 2024-04-25 |
| CVE-2024-32648 | vyper default functions don't respect nonreentrancy keys | vyper | CWE-667 | 5.3 | Medium | 2024-04-25 |
| CVE-2024-32647 | vyper performs double eval of raw_args in create_from_blueprint | vyper | CWE-95 | 5.3 | Medium | 2024-04-25 |
| CVE-2024-32646 | vyper performs double eval of the slice args when buffer from adhoc locations | vyper | CWE-20 | 5.3 | Medium | 2024-04-25 |
| CVE-2024-32645 | vyper performs incorrect topic logging in raw_log | vyper | CWE-20 | 5.3 | Medium | 2024-04-25 |
| CVE-2024-32481 | vyper's range(start, start + N) reverts for negative numbers | vyper | CWE-681 | 5.3 | Medium | 2024-04-25 |
| CVE-2024-24564 | Vyper extract32 can ready dirty memory | vyper | CWE-125 | 3.7 | Low | 2024-02-26 |
| CVE-2024-26149 | Vyper _abi_decode Memory Overflow | vyper | CWE-119 | 3.7 | Low | 2024-02-26 |
| CVE-2024-24563 | Vyper array negative index vulnerability | vyper | CWE-129 | 9.8 | Critical | 2024-02-07 |
| CVE-2024-24559 | Vyper SHA3 code generation bug | vyper | CWE-327 | 3.7 | Low | 2024-02-05 |
| CVE-2024-24560 | Vyper external calls can overflow return data to return input buffer | vyper | CWE-119 | 3.7 | Low | 2024-02-02 |
| CVE-2024-24561 | Vyper bounds check on built-in `slice()` function can be overflowed | vyper | CWE-119 | 9.8 | Critical | 2024-02-01 |
| CVE-2024-24567 | raw_call `value=` kwargs not disabled for static and delegate calls | vyper | CWE-754 | 4.8 | Medium | 2024-01-30 |
| CVE-2024-22419 | concat built-in can corrupt memory in vyper | vyper | CWE-120 | 7.3 | High | 2024-01-18 |
| CVE-2023-46247 | Vyper has incorrect storage layout for contracts containing large arrays | vyper | CWE-193 | 7.5 | High | 2023-12-13 |
| CVE-2023-42460 | _abi_decode input not validated in complex expressions in Vyper | vyper | CWE-682 | 5.3 | Medium | 2023-09-26 |
| CVE-2023-42443 | Vyper vulnerable to memory corruption in certain builtins utilizing `msize` | vyper | CWE-787 | 8.1 | High | 2023-09-18 |
| CVE-2023-42441 | Vyper has incorrect re-entrancy lock when key is empty string | vyper | CWE-833 | 5.3 | Medium | 2023-09-18 |
| CVE-2023-40015 | Vyper: reversed order of side effects for some operations | vyper | CWE-670 | 3.7 | Low | 2023-09-04 |
| CVE-2023-41052 | Vyper: incorrect order of evaluation of side effects for some builtins | vyper | CWE-670 | 3.7 | Low | 2023-09-04 |
| CVE-2023-39363 | Vyper incorrectly allocated named re-entrancy locks | vyper | CWE-863 | 9.1 | - | 2023-08-07 |
| CVE-2023-37902 | Vyper's ecrecover can return undefined data if signature does not verify | vyper | CWE-252 | 5.3 | Medium | 2023-07-25 |
| CVE-2023-32675 | Nonpayable default functions are sometimes payable in vyper | vyper | CWE-670 | 3.7 | Low | 2023-05-19 |
| CVE-2023-32059 | Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls | vyper | CWE-683 | 7.5 | High | 2023-05-11 |

This page lists every published CVE security advisory associated with vyperlang. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.