LOW 3.7 PyPI
GHSA-4hwq-4cpm-8vmx · CVE-2024-24564, PYSEC-2024-205 Vyper's `extract32` can ready dirty memory
Modified: 6/10/2026
package
PyPI / vyper
pkg:pypi/vyper
HIGH 7.1 PyPI
GHSA-4mrx-6fxm-8jpg · CVE-2022-24788, PYSEC-2022-197 Buffer Overflow in vyper
Modified: 11/19/2024
MEDIUM PyPI
GHSA-22wc-c9wj-6q2v VVE-2021-0001: Memory corruption using function calls within arrays
Modified: 12/2/2024
LOW PyPI
GHSA-2p94-8669-xg86 · CVE-2025-26622, PYSEC-2025-29 Vyper's sqrt doesn't define rounding behavior
Modified: 4/9/2025
HIGH 7.3 PyPI
GHSA-2q8v-3gqq-4f8p · CVE-2024-22419, PYSEC-2024-103 concat built-in can corrupt memory in vyper
Modified: 10/10/2024
LOW PyPI
GHSA-375m-5fvv-xq23 VVE-2021-0002: Incorrect `returndatasize` when using simple forwarder proxies deployed prior to EIP-1167 adoption
Modified: 12/2/2024
MEDIUM 5.3 PyPI
GHSA-3hg2-r75x-g69m · CVE-2023-42441, PYSEC-2023-305 Vyper has incorrect re-entrancy lock when key is empty string
Modified: 11/22/2024
HIGH 7.5 PyPI
GHSA-3p37-3636-q8wv · CVE-2023-31146, PYSEC-2023-77 Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment
Modified: 11/19/2024
LOW PyPI
GHSA-3vcg-j39x-cwfm · CVE-2025-47774 Vyper's `slice()` may elide side-effects when output length is 0
Modified: 5/16/2025
MEDIUM 5.3 PyPI
GHSA-3whq-64q2-qfj6 · CVE-2024-32647, PYSEC-2024-208 vyper performs double eval of raw_args in create_from_blueprint
Modified: 6/10/2026
MEDIUM 5.3 PyPI
GHSA-4hg4-9mf5-wxxq · CVE-2023-41052, PYSEC-2023-168 incorrect order of evaluation of side effects for some builtins
Modified: 11/19/2024
HIGH 7.5 PyPI
GHSA-4v9q-cgpw-cf38 · CVE-2022-29255, PYSEC-2022-43053 Multiple evaluation of contract address in call in vyper
Modified: 11/19/2024
LOW PyPI
GHSA-4w26-8p97-f4jp · CVE-2025-27105, PYSEC-2025-31 AugAssign evaluation order causing OOB write within the object in Vyper
Modified: 4/9/2025
CRITICAL 9.8 PyPI
GHSA-52xq-j7v9-v4v2 · CVE-2024-24563, PYSEC-2024-150 Vyper negative array index bounds checks
Modified: 11/22/2024
HIGH 8.7 PyPI
GHSA-5824-cm3x-3c38 · CVE-2023-39363, PYSEC-2023-142 Vyper has incorrectly allocated named re-entrancy locks
Modified: 10/14/2024
MEDIUM 5.3 PyPI
GHSA-5jrj-52x8-m64h · CVE-2024-32649, PYSEC-2024-209 vyper performs multiple eval of `sqrt()` argument built in
Modified: 6/10/2026
LOW 3.7 PyPI
GHSA-6845-xw22-ffxv · CVE-2024-24559, PYSEC-2024-147 Vyper sha3 codegen bug
Modified: 11/22/2024
HIGH 7.5 PyPI
GHSA-6m97-7527-mh74 · CVE-2023-46247, PYSEC-2023-307 incorrect storage layout for contracts containing large arrays
Modified: 11/22/2024
HIGH 7.5 PyPI
GHSA-6r8q-pfpv-7cgj · CVE-2023-32058, PYSEC-2023-78 Vyper vulnerable to integer overflow in loop
Modified: 11/19/2024
HIGH PyPI
GHSA-7f92-rr6w-cq64 Storage corruption due to variables overwritten by re-entrancy locks
Modified: 12/2/2024
HIGH 7.5 PyPI
GHSA-7vrm-3jc8-5wwm · CVE-2022-24787, PYSEC-2022-196 Incorrect Comparison in Vyper
Modified: 12/5/2024
LOW 3.7 PyPI
GHSA-9p8r-4xp4-gw5w · CVE-2024-26149, PYSEC-2024-164 Vyper's `_abi_decode` vulnerable to Memory Overflow
Modified: 6/10/2026
CRITICAL 9.8 PyPI
GHSA-9x7f-gwxq-6f2c · CVE-2024-24561, PYSEC-2024-149 Vyper's bounds check on built-in `slice()` function can be overflowed
Modified: 11/22/2024
HIGH 8.1 PyPI
GHSA-c647-pxm2-c52w · CVE-2023-42443, PYSEC-2023-306 Vyper vulnerable to memory corruption in certain builtins utilizing `msize`
Modified: 11/22/2024
MEDIUM 4.3 PyPI
GHSA-c7pr-343r-5c46 · CVE-2021-41122, PYSEC-2021-366 missing clamps for decimal args in external functions
Modified: 3/13/2026
MEDIUM 5.3 PyPI
GHSA-cx2q-hfxr-rj97 · CVE-2023-42460, PYSEC-2023-191 Vyper's `_abi_decode` input not validated in complex expressions
Modified: 11/19/2024
MEDIUM 5.3 PyPI
GHSA-f5x6-7qgp-jhf3 · CVE-2023-37902, PYSEC-2023-133 ecrecover can return undefined data if signature does not verify
Modified: 11/19/2024
MEDIUM 5.3 PyPI
GHSA-g2xh-c426-v8mf · CVE-2023-40015, PYSEC-2023-167 Vyper: reversed order of side effects for some operations
Modified: 6/18/2025
LOW 3.7 PyPI
GHSA-gp3w-2v2m-p686 · CVE-2024-24560, PYSEC-2024-148 Vyper's external calls can overflow return data to return input buffer
Modified: 11/22/2024
LOW PyPI
GHSA-h33q-mhmp-8p67 · CVE-2025-27104, PYSEC-2025-30 Vyper has a double eval in For List Iter
Modified: 4/9/2025
HIGH 8.8 PyPI
GHSA-j2x6-9323-fp7h · CVE-2022-24845, PYSEC-2022-198 Integer bounds error in Vyper
Modified: 11/8/2023
MEDIUM 5.3 PyPI
GHSA-m2v9-w374-5hj9 · CVE-2024-32648, PYSEC-2024-163 vyper default functions don't respect nonreentrancy keys
Modified: 6/10/2026
HIGH 7.5 PyPI
GHSA-mgv8-gggw-mrg6 · CVE-2023-30837, PYSEC-2023-76 vyper vulnerable to storage allocator overflow
Modified: 11/19/2024
LOW PyPI
GHSA-mr6r-mvw4-736g Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used
Modified: 12/2/2024
HIGH 7.5 PyPI
GHSA-ph9x-4vc9-m39g · CVE-2023-32059, PYSEC-2023-79 Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls
Modified: 11/19/2024
MEDIUM 5.3 PyPI
GHSA-ppx5-q359-pvwj · CVE-2024-32481, PYSEC-2024-246 vyper's range(start, start + N) reverts for negative numbers
Modified: 6/10/2026
LOW PyPI
GHSA-qhr6-mgqr-mchm · CVE-2025-47285 Vyper's `concat()` builtin may elide side-effects for zero-length arguments
Modified: 5/16/2025
MEDIUM 5.3 PyPI
GHSA-r56x-j438-vw5m · CVE-2024-32646, PYSEC-2024-207 vyper performs double eval of the slice start/length args in certain cases
Modified: 6/10/2026
LOW PyPI
GHSA-vgf2-gvx8-xwc3 · CVE-2025-21607, PYSEC-2025-33 Vyper Does Not Check the Success of Certain Precompile Calls
Modified: 6/10/2026
LOW 3.7 PyPI
GHSA-vxmm-cwh2-q762 · CVE-2023-32675, PYSEC-2023-80 Vyper's nonpayable default functions are sometimes payable
Modified: 2/22/2026
HIGH 7.5 PyPI
GHSA-w9g2-3w7p-72g9 · CVE-2023-30629, PYSEC-2023-131 Incorrect success value returned in vyper
Modified: 11/19/2024
MEDIUM 4.8 PyPI
GHSA-x2c2-q32w-4w6m · CVE-2024-24567, PYSEC-2024-151 Vyper's raw_call `value=` kwargs not disabled for static and delegate calls
Modified: 11/22/2024
MEDIUM 5.3 PyPI
GHSA-xchq-w5r3-4wg3 · CVE-2024-32645, PYSEC-2024-206 vyper performs incorrect topic logging in raw_log
Modified: 6/10/2026
HIGH 7.5 PyPI
GHSA-xv8x-pr4h-73jv · CVE-2021-41121, PYSEC-2021-365 Memory corruption when returning a literal struct with a private call inside of it
Modified: 3/13/2026
— PyPI
PYSEC-2021-365 · CVE-2021-41121, GHSA-xv8x-pr4h-73jv Modified: 11/8/2023
— PyPI
PYSEC-2021-366 · CVE-2021-41122, GHSA-c7pr-343r-5c46 Modified: 11/8/2023
— PyPI
PYSEC-2022-196 · CVE-2022-24787, GHSA-7vrm-3jc8-5wwm Modified: 11/8/2023
— PyPI
PYSEC-2022-197 · CVE-2022-24788, GHSA-4mrx-6fxm-8jpg Modified: 11/8/2023
— PyPI
PYSEC-2022-198 · CVE-2022-24845, GHSA-j2x6-9323-fp7h Modified: 11/8/2023
HIGH 7.5 PyPI
PYSEC-2022-43053 · CVE-2022-29255, GHSA-4v9q-cgpw-cf38 Modified: 11/8/2023
HIGH 7.5 PyPI
PYSEC-2023-131 · CVE-2023-30629, GHSA-w9g2-3w7p-72g9 Modified: 11/8/2023
MEDIUM 5.3 PyPI
PYSEC-2023-133 · CVE-2023-37902, GHSA-f5x6-7qgp-jhf3 Modified: 11/8/2023
MEDIUM 5.9 PyPI
PYSEC-2023-142 · CVE-2023-39363, GHSA-5824-cm3x-3c38 Modified: 10/9/2025
MEDIUM 5.3 PyPI
PYSEC-2023-167 · CVE-2023-40015, GHSA-g2xh-c426-v8mf Modified: 11/8/2023
MEDIUM 5.3 PyPI
PYSEC-2023-168 · CVE-2023-41052, GHSA-4hg4-9mf5-wxxq Modified: 11/8/2023
HIGH 7.5 PyPI
PYSEC-2023-191 · CVE-2023-42460, GHSA-cx2q-hfxr-rj97 Modified: 11/8/2023
MEDIUM 5.3 PyPI
PYSEC-2023-305 · CVE-2023-42441, GHSA-3hg2-r75x-g69m Modified: 11/21/2024
HIGH 8.1 PyPI
PYSEC-2023-306 · CVE-2023-42443, GHSA-c647-pxm2-c52w Modified: 11/21/2024
HIGH 7.5 PyPI
PYSEC-2023-307 · CVE-2023-46247, GHSA-6m97-7527-mh74 Modified: 11/21/2024
— PyPI
PYSEC-2023-76 · CVE-2023-30837, GHSA-mgv8-gggw-mrg6 Modified: 11/8/2023
— PyPI
PYSEC-2023-77 · CVE-2023-31146, GHSA-3p37-3636-q8wv Modified: 11/8/2023
— PyPI
PYSEC-2023-78 · CVE-2023-32058, GHSA-6r8q-pfpv-7cgj Modified: 11/8/2023
— PyPI
PYSEC-2023-79 · CVE-2023-32059, GHSA-ph9x-4vc9-m39g Modified: 11/8/2023
— PyPI
PYSEC-2023-80 · CVE-2023-32675, GHSA-vxmm-cwh2-q762 Modified: 2/22/2026
CRITICAL 9.8 PyPI
PYSEC-2024-103 · CVE-2024-22419, GHSA-2q8v-3gqq-4f8p Modified: 10/9/2024
MEDIUM 5.3 PyPI
PYSEC-2024-147 · CVE-2024-24559, GHSA-6845-xw22-ffxv Modified: 11/21/2024
MEDIUM 5.3 PyPI
PYSEC-2024-148 · CVE-2024-24560, GHSA-gp3w-2v2m-p686 Modified: 11/21/2024
CRITICAL 9.8 PyPI
PYSEC-2024-149 · CVE-2024-24561, GHSA-9x7f-gwxq-6f2c Modified: 11/21/2024
CRITICAL 9.8 PyPI
PYSEC-2024-150 · CVE-2024-24563, GHSA-52xq-j7v9-v4v2 Modified: 11/21/2024
MEDIUM 5.3 PyPI
PYSEC-2024-151 · CVE-2024-24567, GHSA-x2c2-q32w-4w6m Modified: 11/21/2024
MEDIUM 5.3 PyPI
PYSEC-2024-163 · CVE-2024-32648, GHSA-m2v9-w374-5hj9 Modified: 6/10/2026
MEDIUM 5.3 PyPI
PYSEC-2024-164 · CVE-2024-26149, GHSA-9p8r-4xp4-gw5w Modified: 6/10/2026
MEDIUM 5.3 PyPI
PYSEC-2024-205 · CVE-2024-24564, GHSA-4hwq-4cpm-8vmx Modified: 6/10/2026
MEDIUM 5.3 PyPI
PYSEC-2024-206 · CVE-2024-32645, GHSA-xchq-w5r3-4wg3 Modified: 6/10/2026
MEDIUM 5.3 PyPI
PYSEC-2024-207 · CVE-2024-32646, GHSA-r56x-j438-vw5m Modified: 6/10/2026
MEDIUM 5.3 PyPI
PYSEC-2024-208 · CVE-2024-32647, GHSA-3whq-64q2-qfj6 Modified: 6/10/2026
MEDIUM 5.3 PyPI
PYSEC-2024-209 · CVE-2024-32649, GHSA-5jrj-52x8-m64h Modified: 6/10/2026
MEDIUM 5.3 PyPI
PYSEC-2024-246 · CVE-2024-32481, GHSA-ppx5-q359-pvwj Modified: 6/10/2026
— PyPI
PYSEC-2025-29 · CVE-2025-26622, GHSA-2p94-8669-xg86 Modified: 4/9/2025
— PyPI
PYSEC-2025-30 · CVE-2025-27104, GHSA-h33q-mhmp-8p67 Modified: 4/9/2025
— PyPI
PYSEC-2025-31 · CVE-2025-27105, GHSA-4w26-8p97-f4jp Modified: 4/9/2025
HIGH 7.5 PyPI
PYSEC-2025-33 · CVE-2025-21607, GHSA-vgf2-gvx8-xwc3 Modified: 6/10/2026