Every CVE whose affected-product data names Vyperlang Vyper, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (38)
CVE-2024-24563 — CVSS 9.8 (critical): Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are…
CVE-2024-24561 — CVSS 9.8 (critical): Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices…
CVE-2025-27105 — CVSS 9.1 (critical): vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid…
CVE-2022-24845 — CVSS 8.8 (high): Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of `<iface>.returns_int128()`…
CVE-2022-29255 — CVSS 8.2 (high): Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions prior to 0.3.4 when a calling an external…
CVE-2023-42443 — CVSS 8.1 (high): Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.9 and prior, under certain conditions…
CVE-2023-32059 — CVSS 7.5 (high): Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments…
CVE-2023-46247 — CVSS 7.5 (high): Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate…
CVE-2022-24787 — CVSS 7.5 (high): Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes…
CVE-2023-30629 — CVSS 7.5 (high): Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates…
CVE-2023-30837 — CVSS 7.5 (high): Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions…
CVE-2023-31146 — CVSS 7.5 (high): Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a…
CVE-2023-32058 — CVSS 7.5 (high): Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for…
CVE-2021-41121 — CVSS 7.5 (high): Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct…
CVE-2025-21607 — CVSS 7.5 (high): Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover (0x1) and Identity (0x4)…
CVE-2025-26622 — CVSS 7.5 (high): vyper is a Pythonic Smart Contract Language for the EVM. Vyper `sqrt()` builtin uses the babylonian method to calculate square roots of…
CVE-2025-27104 — CVSS 7.5 (high): vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a…
CVE-2024-22419 — CVSS 7.3 (high): Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The `concat` built-in can write over the bounds of the memory…
CVE-2022-24788 — CVSS 7.1 (high): Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential…
CVE-2023-39363 — CVSS 5.9 (medium): Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy…
CVE-2023-37902 — CVSS 5.3 (medium): Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Prior to version 0.3.10, the ecrecover precompile…
CVE-2023-42460 — CVSS 5.3 (medium): Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function does not validate input when it is nested in an…
CVE-2024-32481 — CVSS 5.3 (medium): Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when…
CVE-2024-32645 — CVSS 5.3 (medium): Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged…
CVE-2024-32646 — CVSS 5.3 (medium): Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `slice` builtin can…
CVE-2024-32647 — CVSS 5.3 (medium): Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the…
CVE-2024-32648 — CVSS 5.3 (medium): Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Prior to version 0.3.0, default functions don't respect…
CVE-2024-32649 — CVSS 5.3 (medium): Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `sqrt` builtin can…
CVE-2023-42441 — CVSS 5.3 (medium): Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10…
CVE-2024-24567 — CVSS 4.8 (medium): Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin raw_call…
CVE-2021-41122 — CVSS 4.3 (medium): Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of…
CVE-2024-24560 — CVSS 3.7 (low): Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input…
CVE-2023-32675 — CVSS 3.7 (low): Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function…
CVE-2023-40015 — CVSS 3.7 (low): Vyper is a Pythonic Smart Contract Language. For the following (probably non-exhaustive) list of expressions, the compiler evaluates the…
CVE-2024-24564 — CVSS 3.7 (low): Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in `extract32(b, start)`, if the `start`…
CVE-2024-26149 — CVSS 3.7 (low): Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting…
CVE-2024-24559 — CVSS 3.7 (low): Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the `IR` for `sha3_64`…
CVE-2023-41052 — CVSS 3.7 (low): Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions…