Vulnerabilities in vyperlang
40 results

CVE-2023-42460 | MEDIUM | _abi_decode input not validated in complex expressions in Vyper | EPSS 0.6%
CVE-2023-32675 | LOW | Nonpayable default functions are sometimes payable in vyper | EPSS 0.6%
CVE-2024-26149 | LOW | Vyper _abi_decode Memory Overflow | EPSS 0.5%
CVE-2024-24560 | LOW | Vyper external calls can overflow return data to return input buffer | EPSS 0.5%
CVE-2025-27105 | LOW | AugAssign evaluation order causing OOB write within the object in Vyper | EPSS 0.5%
CVE-2023-37902 | MEDIUM | Vyper's ecrecover can return undefined data if signature does not verify | EPSS 0.5%
CVE-2024-24567 | MEDIUM | raw_call `value=` kwargs not disabled for static and delegate calls | EPSS 0.5%
CVE-2023-41052 | LOW | Vyper: incorrect order of evaluation of side effects for some builtins | EPSS 0.5%
CVE-2024-32645 | MEDIUM | vyper performs incorrect topic logging in raw_log | EPSS 0.5%
CVE-2024-32646 | MEDIUM | vyper performs double eval of the slice args when buffer from adhoc locations | EPSS 0.5%
CVE-2024-32647 | MEDIUM | vyper performs double eval of raw_args in create_from_blueprint | EPSS 0.5%
CVE-2024-32649 | MEDIUM | vyper performs double eval of the argument of sqrt | EPSS 0.5%
CVE-2023-42441 | MEDIUM | Vyper has incorrect re-entrancy lock when key is empty string | EPSS 0.4%
CVE-2023-40015 | LOW | Vyper: reversed order of side effects for some operations | EPSS 0.4%
CVE-2024-32648 | MEDIUM | vyper default functions don't respect nonreentrancy keys | EPSS 0.4%
CVE-2025-27104 | LOW | double eval in For List Iter in Vyper | EPSS 0.4%
CVE-2025-47774 | LOW | Vyper's `slice()` may elide side-effects when output length is 0 | EPSS 0.4%
CVE-2025-47285 | LOW | Vyper's `concat()` builtin may elide side-effects for zero-length arguments | EPSS 0.4%
CVE-2025-26622 | LOW | sqrt doesn't define rounding behavior in Vyper | EPSS 0.3%
CVE-2024-24559 | LOW | Vyper SHA3 code generation bug | EPSS 0.3%