114 matches found
EUVD-2024-0184
Malicious code in bioql PyPI...
EUVD-2024-0183
Malicious code in bioql PyPI...
CVE-2024-32646
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects...
CVE-2024-24559
Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the IR for sha3_64. Concretely, the height variable is miscalculated. The vulnerability can't be triggered without writing the IR by hand; that is, it cannot be triggered from regular...
Insufficient Control Flow Management
Vyper is vulnerable to Insufficient Control Flow Management. The vulnerability is due to the Vyper compiler skipping evaluation of the start argument in the slice function when length is 0 and the source is a special location like msg.data or .code, which allows an attacker to suppress execution of...
Insufficient Control Flow Management
Vyper is vulnerable to Insufficient Control Flow Management. The vulnerability is due to a fastpath optimization in the concat function that skips evaluating argument expressions when their length is zero, allowing the omission of side effects and potentially leading to unintended logic behavior ...
2vyper (=0.3.0), ape-dasy (=0.1.0) +39 more potentially affected by CVE-2025-47774 via vyper (>=0.1.0b12 <=0.4.1)
vyper PYPI version =0.1.0b12, =0.6.0, =0.7.1, =0.1.0, =0.0.1, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.1.0, =0.7.2, =0.0.1, =0.3.2 and more Source cves: CVE-2025-47774 Source advisory: OSV:GHSA-3VCG-J39X-CWFM...
2vyper (=0.3.0), ape-dasy (=0.1.0) +39 more potentially affected by CVE-2025-47774 via vyper (>=0.1.0b12 <=0.4.1)
vyper PYPI version =0.1.0b12, =0.6.0, =0.7.1, =0.1.0, =0.0.1, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.1.0, =0.7.2, =0.0.1, =0.3.2 and more Source cves: CVE-2025-47774 Source advisory: SNYK:PYTHON-VYPER-10183409...
ape-dasy (=0.1.0), ape-safe (>=0.7.0 <=0.7.1) +19 more potentially affected by CVE-2025-47285 via vyper (>=0.3.9 <=0.4.1)
vyper PYPI version =0.3.9, =0.7.0, =0.0.1, =0.5.5.post5, =0.5.5.post4, =0.1.1, =0.1.0, =0.9.0, =0.0.1, =0.0.1, =1.20.7, =0.0.1, =0.0.1, =0.3.4, =0.3.4b5 and more Source cves: CVE-2025-47285 Source advisory: SNYK:PYTHON-VYPER-10183408...
2vyper (=0.3.0), ape-dasy (=0.1.0) +39 more potentially affected by CVE-2025-47285 via vyper (>=0.1.0b12 <=0.4.1)
vyper PYPI version =0.1.0b12, =0.6.0, =0.7.1, =0.1.0, =0.0.1, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.1.0, =0.7.2, =0.0.1, =0.3.2 and more Source cves: CVE-2025-47285 Source advisory: OSV:GHSA-QHR6-MGQR-MCHM...
Vyper security vulnerability
Vyper is a Pythonic smart contract language for EVM open sourced by vyperlang. A security vulnerability exists in Vyper 0.4.2rc1 and earlier versions, which stems from concat potentially skipping side-effect evaluation when the parameter length is zero...
Vyper security vulnerability
Vyper is a Pythonic smart contract language for EVM open sourced by vyperlang. A security vulnerability exists in Vyper 0.4.2rc1 and earlier versions, which stems from a slice function that may skip side-effect evaluation when the output length is zero...
PT-2025-21347 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions up to and including 0.4.2rc1 Description: The issue arises from the concat function potentially skipping the evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation tha...
Incorrect Calculation
Vyper is vulnerable to Incorrect Calculation. The vulnerability is due to improper handling of oscillating final states, caused by the sqrt builtin incorrectly rounding up results when using the Babylonian method for square root calculation...
Out-of-bounds Write
Vyper is vulnerable to Out-of-bounds Write. The vulnerability is due to improper bounds validation caused by the caching of the target location in an AugAssign statement, which prevents re-evaluating the bounds check when modifying a DynArray...
2vyper (=0.3.0), ape-dasy (=0.1.0) +30 more potentially affected by CVE-2025-27105 via vyper (>=0.1.0b12 <=0.4.0)
vyper PYPI version =0.1.0b12, =0.6.0, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.7 and more Source cves: CVE-2025-27105 Source advisory: SNYK:PYTHON-VYPER-8743937...
2vyper (=0.3.0), ape-dasy (=0.1.0) +30 more potentially affected by CVE-2025-26622 via vyper (>=0.1.0b12 <=0.4.0)
vyper PYPI version =0.1.0b12, =0.6.0, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.7 and more Source cves: CVE-2025-26622 Source advisory: SNYK:PYTHON-VYPER-8743938...
2vyper (=0.3.0), ape-dasy (=0.1.0) +30 more potentially affected by CVE-2025-26622 via vyper (>=0.1.0b12 <=0.4.0)
vyper PYPI version =0.1.0b12, =0.6.0, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.7 and more Source cves: CVE-2025-26622 Source advisory: OSV:PYSEC-2025-29...
2vyper (=0.3.0), ape-dasy (=0.1.0) +30 more potentially affected by CVE-2025-27104 via vyper (>=0.1.0b12 <=0.4.0)
vyper PYPI version =0.1.0b12, =0.6.0, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.7 and more Source cves: CVE-2025-27104 Source advisory: OSV:PYSEC-2025-30...
CVE-2025-27105
vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the...