Package impact

python PyPI / vllm

| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-44222 | high | 7.5 | 7.5 | 16d ago | vLLM Vulnerable to Remote DoS via Special-Token Placeholders | python |
| CVE-2026-44223 | medium | 6.5 | 6.5 | 16d ago | vLLM is an inference and serving engine for large language models (LLMs). From to before 0.20.0, the extract_hidden_states speculative decoding proposer in vLLM returns a tensor with an incorrect sh… | python |
| CVE-2026-7141 | medium | 5.6 | 5.6 | 1mo ago | vLLM makes Use of Uninitialized Resource | python |
| CVE-2026-34755 | unknown | | | 2mo ago | vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64() method at vllm/multimodal/media/video.py splits video/jpeg data U… | python |
| CVE-2026-34753 | unknown | | | 2mo ago | vLLM: Server-Side Request Forgery (SSRF) in `download_bytes_from_url` | python |
| CVE-2026-34756 | unknown | | | 2mo ago | vLLM: Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server | python |
| CVE-2026-27893 | unknown | | | 2mo ago | vLLM has Hardcoded Trust Override in Model Files Enables RCE Despite Explicit User Opt-Out | python |
| CVE-2026-25960 | unknown | | | 3mo ago | vLLM has SSRF Protection Bypass | python |
| CVE-2026-22778 | unknown | | | 4mo ago | vLLM has RCE In Video Processing | python |
| CVE-2026-24779 | unknown | | | 4mo ago | vLLM vulnerable to Server-Side Request Forgery (SSRF) through MediaConnector | python |
| CVE-2026-22807 | unknown | | | 4mo ago | vLLM affected by RCE via auto_map dynamic module loading during model initialization | python |
| CVE-2026-22773 | unknown | | | 5mo ago | vLLM is an inference and serving engine for large language models (LLMs). In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 visi… | python |
| CVE-2025-66448 | unknown | | | 6mo ago | vLLM vulnerable to remote code execution via transformers_utils/get_config | python |
| CVE-2025-62426 | unknown | | | 6mo ago | vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs` | python |
| CVE-2025-62372 | unknown | | | 6mo ago | vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs | python |
| CVE-2025-62164 | unknown | | | 6mo ago | vLLM deserialization vulnerability leading to DoS and potential RCE | python |
| CVE-2025-6242 | unknown | | | 8mo ago | vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class | python |
| CVE-2025-61620 | unknown | | | 8mo ago | vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server | python |
| CVE-2025-59425 | unknown | | | 8mo ago | vLLM is vulnerable to timing attack at bearer auth | python |
| CVE-2025-9141 | unknown | | | 9mo ago | vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder | python |
| CVE-2025-48956 | unknown | | | 9mo ago | vllm API endpoints vulnerable to Denial of Service Attacks | python |
| CVE-2025-48944 | unknown | | | 1y ago | vLLM Tool Schema allows DoS via Malformed pattern and type Fields | python |
| CVE-2025-48943 | unknown | | | 1y ago | vLLM is an inference and serving engine for large language models (LLMs). Versions 0.8.0 up to but excluding 0.9.0 have a Denial of Service (ReDoS) that causes the vLLM server to crash if an invalid r… | python |
| CVE-2025-48942 | unknown | | | 1y ago | vLLM is an inference and serving engine for large language models (LLMs). In versions 0.8.0 up to but excluding 0.9.0, hitting the /v1/completions API with an invalid json_schema as a Guided Param ki… | python |
| CVE-2025-46722 | unknown | | | 1y ago | vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a secu… | python |
| CVE-2025-46570 | unknown | | | 1y ago | vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the pre… | python |
| CVE-2025-48887 | unknown | | | 1y ago | vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression Denial of Service (ReDoS) vulnerability in the file `vllm/entrypoints/openai/tool_parsers/pythonic_too… | python |
| CVE-2025-47277 | unknown | | | 1y ago | vLLM Allows Remote Code Execution via PyNcclPipe Communication Service | python |
| CVE-2025-30165 | unknown | | | 1y ago | Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration | python |
| CVE-2025-46560 | unknown | | | 1y ago | phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service | python |
| CVE-2025-32444 | unknown | | | 1y ago | vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote … | python |
| CVE-2025-30202 | unknown | | | 1y ago | Data exposure via ZeroMQ on multi-node vLLM deployment | python |
| CVE-2024-9052 | unknown | | | 1y ago | vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object | python |
| CVE-2024-9053 | unknown | | | 1y ago | vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints. The core functionality run_server_loop() calls the function _make_handler_coro(), which … | python |
| CVE-2024-11041 | unknown | | | 1y ago | vLLM Deserialization of Untrusted Data vulnerability | python |
| CVE-2025-29783 | unknown | | | 1y ago | vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP on all network inte… | python |
| CVE-2025-29770 | unknown | | | 1y ago | vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. The outlines library is one of the backends used by vLLM to support structured output (a.k.a. guided decoding). O… | python |
| CVE-2025-25183 | unknown | | | 1y ago | vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere wit… | python |
| CVE-2025-24357 | unknown | | | 1y ago | vLLM is a library for LLM inference and serving. vllm/model_executor/weight_utils.py implements hf_model_weights_iterator to load the model checkpoint, which is downloaded from huggingface. It uses t… | python |
| CVE-2024-8939 | unknown | | | 2y ago | vLLM Denial of Service via the best_of parameter | python |
| CVE-2024-8768 | unknown | | | 2y ago | vLLM denial of service vulnerability | python |