pkg:PyPI/vyper

All known vulnerabilities

• CRITICAL9.8CVE-2024-24563Vyper negative array index bounds checks
  from 0, < 0.4.0b1
• CRITICAL9.8CVE-2024-24563Vyper negative array index bounds checks
  from 0, < 0.4.0
• CRITICAL9.8CVE-2024-24561Vyper's bounds check on built-in `slice()` function can be overflowed
  from 0, < 0.4.0
• CRITICAL9.8Vyper's bounds check on built-in `slice()` function can be overflowed
  from 0, < 0.4.0b1
• HIGH8.8Integer bounds error in Vyper
  from 0, < 049dbdc647b2ce838fae7c188e6bb09cf16e470b | from 0, < 0.3.2
• HIGH8.8Integer bounds error in Vyper
  from 0, < 0.3.2
• HIGH8.7Vyper has incorrectly allocated named re-entrancy locks
  >= 0.2.15, < 0.3.1
• HIGH8.7Vyper has incorrectly allocated named re-entrancy locks
  from 0
• HIGH8.1Vyper vulnerable to memory corruption in certain builtins utilizing `msize`
  from 0, < 0.3.10
• HIGH8.1Vyper vulnerable to memory corruption in certain builtins utilizing `msize`
  >= 0.3.4, < 0.3.10
• HIGH7.5Vyper Does Not Check the Success of Certain Precompile Calls
  from 0
• HIGH7.5Vyper Does Not Check the Success of Certain Precompile Calls
  from 0, < 0.4.1
• HIGH7.5incorrect storage layout for contracts containing large arrays
  from 0, < 0bb7203b584e771b23536ba065a6efda457161bb | from 0, < 0.3.8
• HIGH7.5incorrect storage layout for contracts containing large arrays
  from 0, < 0.3.8
• HIGH7.5Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment
  from 0, < 0.3.8
• HIGH7.5Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment
  from 0, < 4f8289a81206f767df1900ac48f485d90fc87edb | from 0, < 0.3.8
• HIGH7.5Vyper vulnerable to integer overflow in loop
  from 0, < 3de1415ee77a9244eb04bdb695e249d3ec9ed868 | from 0, < 0.3.8
• HIGH7.5Vyper vulnerable to integer overflow in loop
  from 0, < 0.3.8
• HIGH7.5Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls
  from 0, < 0.3.8
• HIGH7.5Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls
  from 0, < c3e68c302aa6e1429946473769dd1232145822ac | from 0, < 0.3.8
• HIGH7.5vyper vulnerable to storage allocator overflow
  from 0, < 0bb7203b584e771b23536ba065a6efda457161bb | from 0, < 0.3.8
• HIGH7.5vyper vulnerable to storage allocator overflow
  from 0, < 0.3.8
• HIGH7.5Incorrect success value returned in vyper
  >= 0.3.1, < 0.3.8
• HIGH7.5Incorrect success value returned in vyper
  from 0, < 851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae | >= 0.3.1, < 0.3.8
• HIGH7.5Multiple evaluation of contract address in call in vyper
  from 0, < 0.3.4
• HIGH7.5Multiple evaluation of contract address in call in vyper
  from 0, < 6b4d8ff185de071252feaa1c319712b2d6577f8d | from 0, < 0.3.4
• HIGH7.5Incorrect Comparison in Vyper
  from 0, < 0.3.2
• HIGH7.5Incorrect Comparison in Vyper
  from 0, < 2c73f8352635c0a433423a5b94740de1a118e508 | from 0, < 0.3.2
• HIGH7.5Memory corruption when returning a literal struct with a private call inside of it
  from 0, < 0.3.0
• HIGH7.5Memory corruption when returning a literal struct with a private call inside of it
  from 0, < 0.3.0
• HIGH7.3concat built-in can corrupt memory in vyper
  from 0, < 55e18f6d128b2da8986adbbcccf1cd59a4b9ad6f | from 0, < 0.4.0b1
• HIGH7.3concat built-in can corrupt memory in vyper
  >= 0.3.0, < 0.4.0
• HIGH7.1Buffer Overflow in vyper
  from 0, < 049dbdc647b2ce838fae7c188e6bb09cf16e470b | from 0, < 0.3.2
• HIGH7.1Buffer Overflow in vyper
  from 0, < 0.3.2
• MEDIUM5.3vyper's range(start, start + N) reverts for negative numbers
  >= 0.3.8, < 0.4.0
• MEDIUM5.3vyper's range(start, start + N) reverts for negative numbers
  >= 0.3.8, < 0.4.0b1
• MEDIUM5.3vyper performs incorrect topic logging in raw_log
  from 0, < 0.4.0
• MEDIUM5.3vyper performs incorrect topic logging in raw_log
  from 0, < 0.4.0
• MEDIUM5.3vyper performs double eval of the slice start/length args in certain cases
  from 0, < 0.4.0
• MEDIUM5.3vyper performs double eval of the slice start/length args in certain cases
  from 0, < 0.4.0
• MEDIUM5.3vyper performs double eval of raw_args in create_from_blueprint
  from 0, < 0.4.0
• MEDIUM5.3vyper performs double eval of raw_args in create_from_blueprint
  from 0, < 0.4.0
• MEDIUM5.3vyper default functions don't respect nonreentrancy keys
  from 0, < 93287e5ac184b53b395c907d40701f721daf8177, < 93287e5ac184b53b395c907d40701f721daf8177 | from 0, < 0.3.0
• MEDIUM5.3vyper default functions don't respect nonreentrancy keys
  from 0, < 0.3.0
• MEDIUM5.3vyper performs multiple eval of `sqrt()` argument built in
  from 0, < 0.4.0
• MEDIUM5.3vyper performs multiple eval of `sqrt()` argument built in
  from 0, < 0.4.0
• MEDIUM5.3Vyper's `_abi_decode` input not validated in complex expressions
  >= 0.3.4, < 0.3.10
• MEDIUM5.3Vyper's `_abi_decode` input not validated in complex expressions
  >= 0.3.4, < 0.3.10
• MEDIUM5.3Vyper has incorrect re-entrancy lock when key is empty string
  >= 0.2.9, < 0.3.10
• MEDIUM5.3Vyper has incorrect re-entrancy lock when key is empty string
  from 0, < 0b740280c1e3c5528a20d47b29831948ddcc6d83 | >= 0.2.9, < 0.3.10
• MEDIUM5.3incorrect order of evaluation of side effects for some builtins
  from 0, < 0.3.10rc1
• MEDIUM5.3incorrect order of evaluation of side effects for some builtins
  from 0, < 0.3.10rc1
• MEDIUM5.3Vyper: reversed order of side effects for some operations
  from 0, < 0.3.10rc1
• MEDIUM5.3Vyper: reversed order of side effects for some operations
  from 0, <= 0.4.2
• MEDIUM5.3ecrecover can return undefined data if signature does not verify
  from 0, < 019a37ab98ff53f04fecfadf602b6cd5ac748f7f | from 0, < 0.3.9
• MEDIUM5.3ecrecover can return undefined data if signature does not verify
  from 0, < 0.3.10
• MEDIUM4.8Vyper's raw_call `value=` kwargs not disabled for static and delegate calls
  from 0, < 0.4.0b1
• MEDIUM4.8Vyper's raw_call `value=` kwargs not disabled for static and delegate calls
  from 0, < 0.4.0
• MEDIUM4.3missing clamps for decimal args in external functions
  from 0, < 0.3.0
• MEDIUM4.3missing clamps for decimal args in external functions
  from 0, < 0.3.0
• LOW3.7Vyper's `extract32` can ready dirty memory
  from 0, < 0.4.0
• LOW3.7Vyper's `extract32` can ready dirty memory
  from 0, < 3d9c537142fb99b2672f21e2057f5f202cde194f | from 0, < 0.4.0
• LOW3.7Vyper's `_abi_decode` vulnerable to Memory Overflow
  from 0, < 0.4.0
• LOW3.7Vyper's `_abi_decode` vulnerable to Memory Overflow
  from 0, < 0.4.0b1
• LOW3.7Vyper sha3 codegen bug
  from 0, < 0.4.0b1
• LOW3.7Vyper sha3 codegen bug
  from 0, < 0.4.0
• LOW3.7Vyper's external calls can overflow return data to return input buffer
  from 0, < 0.4.0b1
• LOW3.7Vyper's external calls can overflow return data to return input buffer
  from 0, < 0.4.0
• LOW3.7Vyper's nonpayable default functions are sometimes payable
  from 0, < 02339dfda0f3caabad142060d511d10bfe93c520. | from 0, < 0.3.8
• LOW3.7Vyper's nonpayable default functions are sometimes payable
  from 0, < 0.3.8
• —Vyper's `slice()` may elide side-effects when output length is 0
  from 0, <= 0.4.2rc1
• —Vyper's `concat()` builtin may elide side-effects for zero-length arguments
  from 0, <= 0.4.2rc1
• —Vyper has a double eval in For List Iter
  from 0, < 0.4.1
• —Vyper has a double eval in For List Iter
  from 0, < 0.4.1
• —AugAssign evaluation order causing OOB write within the object in Vyper
  from 0, < 0.4.1
• —AugAssign evaluation order causing OOB write within the object in Vyper
  from 0, < 0.4.1
• —Vyper's sqrt doesn't define rounding behavior
  from 0, < 0.4.1
• —Vyper's sqrt doesn't define rounding behavior
  from 0, < 0.4.1