Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-hvwj-8w5g-28rg
  • PyPI/sglang
 SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization 12 Mar
  • Fix available
  • Severity - 7.8 (High)
GHSA-jx93-g359-86wm
  • PyPI/sglang
 SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module 12 Mar
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-rgq9-fqf5-fv58
  • PyPI/sglang
 SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker 12 Mar
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-9w53-xr52-mwgj
  • PyPI/sglang
 SGLang Remote Code Execution Vulnerability via Unsafe Deserialization in update_weights_from_tensor 09 Sep 2025
  • Fix available
  • Severity - 5.5 (Medium)