Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-pq5c-rjhq-qp7p
  • PyPI/vllm
vLLM: Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing 6 days ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-pf3h-qjgv-vcpr
  • PyPI/vllm
vLLM: Server-Side Request Forgery (SSRF) in `download_bytes_from_url` 6 days ago
  • Fix available
  • Severity - 5.4 (Medium)
GHSA-3mwp-wvh9-7528
  • PyPI/vllm
vLLM: Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server 6 days ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-7972-pg2x-xr59
  • PyPI/vllm
vLLM has Hardcoded Trust Override in Model Files Enables RCE Despite Explicit User Opt-Out 27 Mar
  • Fix available
  • Severity - 8.8 (High)
GHSA-v359-jj2v-j536
  • PyPI/vllm
vLLM has SSRF Protection Bypass 09 Mar
  • Fix available
  • Severity - 5.4 (Medium)
MAL-2026-844
  • PyPI/vllm-plugins
Malicious code in vllm-plugins (PyPI) 10 Feb
  • No fix available
GHSA-4r2x-xpjr-7cvv
  • PyPI/vllm
vLLM has RCE In Video Processing 02 Feb
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-qh4c-xf7m-gxfc
  • PyPI/vllm
vLLM vulnerable to Server-Side Request Forgery (SSRF) through MediaConnector 28 Jan
  • Fix available
  • Severity - 7.1 (High)
GHSA-2pc9-4j83-qjmr
  • PyPI/vllm
vLLM affected by RCE via auto_map dynamic module loading during model initialization 21 Jan
  • Fix available
  • Severity - 8.8 (High)
GHSA-grg2-63fw-f2qr
  • PyPI/vllm
vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions 13 Jan
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-mcmc-2m55-j8jj
  • PyPI/vllm
vLLM introduced enhanced protection for CVE-2025-62164 08 Jan
  • Fix available
  • Severity - 8.8 (High)
GHSA-8fr4-5q9j-m8gm
  • PyPI/vllm
vLLM vulnerable to remote code execution via transformers_utils/get_config 02 Dec 2025
  • Fix available
  • Severity - 7.1 (High)
GHSA-69j4-grxj-j64p
  • PyPI/vllm
vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs` 20 Nov 2025
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-pmqf-x6x8-p7qw
  • PyPI/vllm
vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs 20 Nov 2025
  • Fix available
  • Severity - 8.3 (High)
GHSA-mrw7-hf4f-83pf
  • PyPI/vllm
vLLM deserialization vulnerability leading to DoS and potential RCE 20 Nov 2025
  • Fix available
  • Severity - 8.8 (High)
GHSA-3f6c-7fw2-ppm4
  • PyPI/vllm
vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class 07 Oct 2025
  • Fix available
  • Severity - 7.1 (High)