CVE/GHSA advisory issued against protocol

Yearn Finance's assessment for RD-F-178 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No CVE, GHSA, or equivalent public advisory found issued against Yearn Finance core vault contracts. Yearn's own yearn-security GitHub repo uses a proprietary disclosure format (disclosures/ directory) rather than GHSA. Incidents are documented through rekt.news and internal disclosure files, not through formal vulnerability databases. No NVD CVE entries found for yearn-finance in available sources. Threshold: green = no advisory or all patched; yellow = advisory exists and patched; red = advisory exists and unpatched in current deploy.

Sources #

URL
Yearn Security GitHub — disclosuresYearn Security GitHub — disclosures directory uses proprietary format, not GHSAretrieved 2026-05-16
URL
rekt.news — Yearn rekt4rekt.news Yearn coverage — incidents documented through rekt.news, not CVE/GHSA systemsretrieved 2026-05-16

Methodology #

Determine whether a CVE, GHSA, or equivalent public advisory has been issued against this protocol or its code.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol yearn-finance factor RD-F-178 score green collected_at 2026-05-16 08:34:32