{"package":"vyper","ecosystem":"pypi","latest_version":"0.4.3","description":"Vyper: the Pythonic Programming Language for the EVM","license":"Apache License 2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://github.com/vyperlang/vyper","repository":"https://github.com/vyperlang/vyper","downloads_weekly":0,"health":{"score":50,"risk":"high","breakdown":{"maintenance":10,"popularity":0,"security":23,"maturity":15,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":2,"critical":0,"high":0,"medium":1,"low":1,"details":[{"vuln_id":"CVE-2025-21607","severity":"low","summary":"Vyper Does Not Check the Success of Certain Precompile Calls","affected_versions":"=0.1.0b1|=0.1.0b10|=0.1.0b11|=0.1.0b12|=0.1.0b13|=0.1.0b14|=0.1.0b15|=0.1.0b16|=0.1.0b17|=0.1.0b2|=0.1.0b3|=0.1.0b4|=0.1.0b5|=0.1.0b6|=0.1.0b7|=0.1.0b8|=0.1.0b9|=0.2.1|=0.2.10|=0.2.11|=0.2.12|=0.2.13|=0.2.14|=0.2.15|=0.2.16|=0.2.2|=0.2.3|=0.2.4|=0.2.5|=0.2.6|=0.2.7|=0.2.8|=0.2.9|=0.3.0|=0.3.1|=0.3.10|=0.3.10rc1|=0.3.10rc2|=0.3.10rc3|=0.3.10rc4|=0.3.10rc5|=0.3.2|=0.3.3|=0.3.4|=0.3.5|=0.3.6|=0.3.7|=0.3.8|=0.3.9|=0.4.0|=0.4.0b1|=0.4.0b2|=0.4.0b3|=0.4.0b4|=0.4.0b5|=0.4.0b6|=0.4.0rc1|=0.4.0rc2|=0.4.0rc3|=0.4.0rc4|=0.4.0rc5|=0.4.0rc6|=0.4.1|=0.4.1b1|=0.4.1b2|=0.4.1b3|=0.4.1b4|=0.4.1rc1|=0.4.1rc2|=0.4.1rc3|=0.4.2|=0.4.2rc1|=0.4.3|=0.4.3rc1","fixed_version":null,"source":"osv","published_at":"2025-01-14T16:34:20Z","in_kev":false,"epss_prob":0.00776,"epss_percentile":0.73697,"threat_tier":"theoretical"},{"vuln_id":"CVE-2023-39363","severity":"medium","summary":"Vyer is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of conditions is required to result in misbehavior of affected contracts, specifically: a `.vy` contract compiled with `vyper` versions `","affected_versions":"=0.1.0b1|=0.1.0b10|=0.1.0b11|=0.1.0b12|=0.1.0b13|=0.1.0b14|=0.1.0b15|=0.1.0b16|=0.1.0b17|=0.1.0b2|=0.1.0b3|=0.1.0b4|=0.1.0b5|=0.1.0b6|=0.1.0b7|=0.1.0b8|=0.1.0b9|=0.2.1|=0.2.10|=0.2.11|=0.2.12|=0.2.13|=0.2.14|=0.2.15|=0.2.16|=0.2.2|=0.2.3|=0.2.4|=0.2.5|=0.2.6|=0.2.7|=0.2.8|=0.2.9|=0.3.0|=0.3.1|=0.3.2|=0.3.3|=0.3.4|=0.3.5|=0.3.6|=0.3.7|=0.3.8|=0.3.9|=0.3.10|=0.3.10rc1|=0.3.10rc2|=0.3.10rc3|=0.3.10rc4|=0.3.10rc5|=0.4.0|=0.4.0b1|=0.4.0b2|=0.4.0b3|=0.4.0b4|=0.4.0b5|=0.4.0b6|=0.4.0rc1|=0.4.0rc2|=0.4.0rc3|=0.4.0rc4|=0.4.0rc5|=0.4.0rc6|=0.4.1|=0.4.1b1|=0.4.1b2|=0.4.1b3|=0.4.1b4|=0.4.1rc1|=0.4.1rc2|=0.4.1rc3|=0.4.2|=0.4.2rc1|=0.4.3|=0.4.3rc1","fixed_version":null,"source":"osv","published_at":"2023-08-07T19:15:00Z","in_kev":false,"epss_prob":0.00072,"epss_percentile":0.21708,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"0.4.3","total_count":74,"recent":["0.4.0b6","0.4.0rc1","0.4.0rc2","0.4.0rc3","0.4.0rc4","0.4.0rc5","0.4.0rc6","0.4.0","0.4.1b1","0.4.1b2","0.4.1b3","0.4.1b4","0.4.1rc1","0.4.1rc2","0.4.1rc3","0.4.1","0.4.2rc1","0.4.2","0.4.3rc1","0.4.3"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":null,"last_published":"2025-06-18T20:09:52.400542Z","dependencies_count":51,"dependencies":["cbor2<6,>=5.4.6","asttokens<4,>=2.0.5","pycryptodome<4,>=3.5.1","packaging>=23.1","lark<2,>=1.0.0","wheel","immutables","ipython; extra == \"dev\"","pre-commit; extra == \"dev\"","pyinstaller; extra == \"dev\"","twine; extra == \"dev\"","pytest<9.0,>=8.0; extra == \"dev\"","pytest-cov<5.0,>=4.1; extra == \"dev\"","pytest-instafail<1.0,>=0.4; extra == \"dev\"","pytest-xdist<3.4,>=3.0; extra == \"dev\"","pytest-split<1.0,>=0.7.0; extra == \"dev\"","eth-abi<6.0.0,>=5.0.0; extra == \"dev\"","py-evm>=0.12.1b1; extra == \"dev\"","lark==1.1.9; extra == \"dev\"","hypothesis[lark]<7.0,>=6.0; extra == \"dev\"","eth-stdlib==0.2.7; extra == \"dev\"","eth-account==0.12.2; extra == \"dev\"","setuptools; extra == \"dev\"","hexbytes>=1.2; extra == \"dev\"","pyrevm>=0.3.2; extra == \"dev\"","black==23.12.0; extra == \"dev\"","flake8==6.1.0; extra == \"dev\"","flake8-bugbear==23.12.2; extra == \"dev\"","flake8-use-fstring==1.4; extra == \"dev\"","isort==5.13.2; extra == \"dev\"","mypy==1.5; extra == \"dev\"","black==23.12.0; extra == \"lint\"","flake8==6.1.0; extra == \"lint\"","flake8-bugbear==23.12.2; extra == \"lint\"","flake8-use-fstring==1.4; extra == \"lint\"","isort==5.13.2; extra == \"lint\"","mypy==1.5; extra == \"lint\"","pytest<9.0,>=8.0; extra == \"test\"","pytest-cov<5.0,>=4.1; extra == \"test\"","pytest-instafail<1.0,>=0.4; extra == \"test\"","pytest-xdist<3.4,>=3.0; extra == \"test\"","pytest-split<1.0,>=0.7.0; extra == \"test\"","eth-abi<6.0.0,>=5.0.0; extra == \"test\"","py-evm>=0.12.1b1; extra == \"test\"","lark==1.1.9; extra == \"test\"","hypothesis[lark]<7.0,>=6.0; extra == \"test\"","eth-stdlib==0.2.7; extra == \"test\"","eth-account==0.12.2; extra == \"test\"","setuptools; extra == \"test\"","hexbytes>=1.2; extra == \"test\"","pyrevm>=0.3.2; extra == \"test\""]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"0.4.3","version_hint":null,"summary":"vyper@0.4.3 is safe to use (health: 50/100)"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":null,"last_release_days_ago":314,"avg_days_between_releases":null,"release_velocity":"moderate"}}