VYPR

Rs Soroban SDK

by Stellar

Source repositories

CVEs (3)

  • CVE-2026-32322Mar 12, 2026
    risk 0.00cvss epss 0.00

    soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, The Fr (scalar field) types for BN254 and BLS12-381 in soroban-sdk compared values using their raw U256 representation without first reducing modulo the field modulus r. This caused…

  • CVE-2026-26267Feb 19, 2026
    risk 0.00cvss epss 0.00

    soroban-sdk is a Rust SDK for Soroban contracts. Prior to versions 22.0.10, 23.5.2, and 25.1.1, the `#[contractimpl]` macro contains a bug in how it wires up function calls. `#[contractimpl]` generates code that uses `MyContract::value()` style calls even when it's processing…

  • CVE-2026-24889Jan 28, 2026
    risk 0.00cvss epss 0.00

    soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow can be triggered in the `Bytes::slice`, `Vec::slice`, and `Prng::gen_range` (for `u64`) methods in the `soroban-sdk` in versions up to and including `25.0.1`, `23.5.1`, and `25.0.2`. Contracts that pass…