226 matches found
Malicious code in side-effects-package (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 82b6dc5cf513223d6d09a04e6a0a1291c7ac2be14c46381e61d023f39c00b8c2 Any computer that has this package installed or running should be considered...
MAL-2025-5307 Malicious code in side-effects-package (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 82b6dc5cf513223d6d09a04e6a0a1291c7ac2be14c46381e61d023f39c00b8c2 Any computer that has this package installed or running should be considered...
CVE-2024-32647
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the createfromblueprint builtin can result in a double eval vulnerability when rawargs=True and the args argument has side-effects. It can be seen that the buildcreateIR function of t...
CVE-2023-41052
Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions uint256addmod, uint256mulmod, ecadd and ecmul does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side...
GHSA-3VCG-J39X-CWFM Vyper's `slice()` may elide side-effects when output length is 0
Impact the slice builtin can elide side effects when the output length is 0, and the source bytestring is a builtin msg.data or .code. the reason is that for these source locations, the check that length = 1 is skipped:...
Insufficient Control Flow Management
Overview vyper is a Pythonic Smart Contract Language for the EVM. Affected versions of this package are vulnerable to Insufficient Control Flow Management through the slice function. An attacker can bypass the evaluation of side effects in the start argument when the length argument is set to 0,...
Vyper's `slice()` may elide side-effects when output length is 0
Impact the slice builtin can elide side effects when the output length is 0, and the source bytestring is a builtin msg.data or .code. the reason is that for these source locations, the check that length = 1 is skipped:...
Insufficient Control Flow Management
Overview vyper is a Pythonic Smart Contract Language for the EVM. Affected versions of this package are vulnerable to Insufficient Control Flow Management through optimization in the concat function. An attacker can skip evaluation of side effects when the length of an argument provided to the...
GHSA-QHR6-MGQR-MCHM Vyper's `concat()` builtin may elide side-effects for zero-length arguments
Impact concat may skip evaluation of side effects when the length of an argument is zero. this is due to a fastpath in the implementation which skips evaluation of argument expressions when their length is zero:...
Vyper's `concat()` builtin may elide side-effects for zero-length arguments
Impact concat may skip evaluation of side effects when the length of an argument is zero. this is due to a fastpath in the implementation which skips evaluation of argument expressions when their length is zero:...
CVE-2025-47285
Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, concat may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressions...
CVE-2025-47774
Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, the slice builtin can elide side effects when the output length is 0, and the source bytestring is a builtin msg.data or .code. The reason is that for these source locations, the...
CVE-2025-47774 Vyper's `slice()` may elide side-effects when output length is 0
Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, the slice builtin can elide side effects when the output length is 0, and the source bytestring is a builtin msg.data or .code. The reason is that for these source locations, the...
CVE-2025-47774 Vyper's `slice()` may elide side-effects when output length is 0
Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, the slice builtin can elide side effects when the output length is 0, and the source bytestring is a builtin msg.data or .code. The reason is that for these source locations, the...
CVE-2025-47774 Vyper's `slice()` may elide side-effects when output length is 0
Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, the slice builtin can elide side effects when the output length is 0, and the source bytestring is a builtin msg.data or .code. The reason is that for these source locations, the...
CVE-2025-47774
CVE-2025-47774 relates to Vyper (Pythonic language for the EVM). The issue affects Vyper versions up to and including 0.4.2rc1 where slice() can elide side effects when length is 0 for certain source bytestrings (e.g., msg.data or .code). The root cause is that the length >= 1 check is skipped...
CVE-2025-47285 Vyper's `concat()` builtin may elide side-effects for zero-length arguments
Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, concat may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressions...
CVE-2025-47285 Vyper's `concat()` builtin may elide side-effects for zero-length arguments
Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, concat may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressions...
CVE-2025-47285 Vyper's `concat()` builtin may elide side-effects for zero-length arguments
Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, concat may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressions...
CVE-2025-47285
CVE-2025-47285 affects Vyper up to and including 0.4.2rc1, where the built-in concat() may skip evaluation of side effects when an argument has zero length due to a fastpath in the implementation. The issue arises because argument expressions with zero length may bypass evaluation, which could su...