VYPR
Vendor: Stellar

Products: 3
CVEs: 6
Across products: 6
Status: Private

Recent CVEs (6)
  • CVE-2026-32129 | High | Mar 12, 2026
    risk 0.50 | cvss | epss 0.00

    soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 (PoseidonSponge) accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate (inputs.len() < T - 1),…

  • CVE-2024-32985 | Medium | May 14, 2024
    risk 0.31 | cvss 5.9 | epss 0.00

    Stellar-core is a reference implementation for the peer-to-peer agent that manages the Stellar network. Prior to 20.4.0, core nodes could be randomly crashed due to a race condition with a 3rd party library. The likelihood of affecting the network is low since crashed nodes come…

  • CVE-2026-32322 | Mar 12, 2026
    risk 0.00 | cvss | epss 0.00

    soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, the Fr (scalar field) types for BN254 and BLS12-381 in soroban-sdk compared values using their raw U256 representation without first reducing modulo the field modulus r. This caused…

  • CVE-2026-26267 | Feb 19, 2026
    risk 0.00 | cvss | epss 0.00

    soroban-sdk is a Rust SDK for Soroban contracts. Prior to versions 22.0.10, 23.5.2, and 25.1.1, the `#[contractimpl]` macro contains a bug in how it wires up function calls. `#[contractimpl]` generates code that uses `MyContract::value()` style calls even when it's processing…

  • CVE-2026-24889 | Jan 28, 2026
    risk 0.00 | cvss | epss 0.00

    soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow can be triggered in the `Bytes::slice`, `Vec::slice`, and `Prng::gen_range` (for `u64`) methods in the `soroban-sdk` in versions up to and including `25.0.1`, `23.5.1`, and `25.0.2`. Contracts that pass…

  • CVE-2023-40580 | Aug 25, 2023
    risk 0.00 | cvss | epss 0.01

    Freighter is a Stellar Chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1.