Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi

vllm

pypi · A high-throughput and memory-efficient inference and serving engine for LLMs · Repository · Package

Security Advisories for vllm in pypi

High
about 1 month ago

vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder GSA_kwCzR0hTQS03OWo2LWcybTMtamdmd84ABLTx

pypi vllm
High
about 1 month ago

vllm API endpoints vulnerable to Denial of Service Attacks GSA_kwCzR0hTQS1yeGM0LTN3NnItNHY0N84ABLTs

pypi vllm
Moderate
4 months ago

vLLM Tool Schema allows DoS via Malformed pattern and type Fields GSA_kwCzR0hTQS12cnEzLXI4NzktN202Nc4ABIcm

pypi vllm
Moderate
4 months ago

vLLM allows clients to crash the openai server with invalid regex GSA_kwCzR0hTQS05aGNmLXY3bTQtNm0yas4ABIcl

pypi vllm
Moderate
4 months ago

vLLM DOS: Remotely kill vllm over http with invalid JSON schema GSA_kwCzR0hTQS02cWM5LXY0cjgtMjJ4Z84ABIck

pypi vllm
Moderate
4 months ago

vLLM has a Weakness in MultiModalHasher Image Hashing Implementation GSA_kwCzR0hTQS1jNjVwLXg2NzctZmdqNs4ABIby

pypi vllm
Low
4 months ago

Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching GSA_kwCzR0hTQS00cWpoLTlmdjktcjg1cs4ABIbx

pypi vllm
Moderate
4 months ago

vLLM vulnerable to Regular Expression Denial of Service GSA_kwCzR0hTQS1qODI4LTI4cmotaGZocM4ABIbw

pypi vllm
Moderate
4 months ago

vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py` GSA_kwCzR0hTQS13NnE3LWo2NDItN2MyNc4ABIbv

pypi vllm
Critical
5 months ago

vLLM Allows Remote Code Execution via PyNcclPipe Communication Service GSA_kwCzR0hTQS1oanE0LTg3eGgtZzRmds4ABIIT

pypi vllm
High
5 months ago

Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration GSA_kwCzR0hTQS05cGNjLWd2eDUtcjV3bc4ABHiL

pypi vllm
Moderate
5 months ago

phi4mm: Quadratic Time Complexity in Input Token Processing​ leads to denial of service GSA_kwCzR0hTQS12YzZtLWhtNDktZzlxZ84ABHQt

pypi vllm
Critical
5 months ago

vLLM Vulnerable to Remote Code Execution via Mooncake Integration GSA_kwCzR0hTQS1oajR3LWhtMmctcDZ3Nc4ABHQT

pypi vllm
High
5 months ago

Data exposure via ZeroMQ on multi-node vLLM deployment GSA_kwCzR0hTQS05ZjhmLTJ2bWYtODg1as4ABHQS

pypi vllm
Critical
5 months ago

CVE-2025-24357 Malicious model remote code execution fix bypass with PyTorch < 2.6.0 GSA_kwCzR0hTQS1nZ3BmLTI0anctM2Zjd84ABHGV

pypi vllm
Moderate
6 months ago

vLLM vulnerable to Denial of Service by abusing xgrammar cache GSA_kwCzR0hTQS1oZjNjLXd4ZzItNDlxOc4ABGyu

pypi vllm
Critical
7 months ago

vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object GSA_kwCzR0hTQS1wZ3I3LW1ocDUtZmdqcM4ABFtr

pypi vllm
Critical
7 months ago

vLLM allows Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC server entrypoints GSA_kwCzR0hTQS1jajQ3LXFqNmcteDdyNM4ABFt3

pypi vllm
Critical
7 months ago

vLLM Deserialization of Untrusted Data vulnerability GSA_kwCzR0hTQS01dnFyLXdwcmMtY3BwN84ABFsD

pypi vllm
Critical
7 months ago

vLLM Allows Remote Code Execution via Mooncake Integration GSA_kwCzR0hTQS14M204LWY3ZzUtcWhtN84ABFpg

pypi vllm
Moderate
7 months ago

vLLM denial of service via outlines unbounded cache on disk GSA_kwCzR0hTQS1tZ3JtLWZnanYtbWh2OM4ABFpf

pypi vllm
Low
8 months ago

vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache GSA_kwCzR0hTQS1ybTc2LTRtcmYtdjlyOM4ABEMS

pypi vllm
High
8 months ago

vllm: Malicious model to RCE by torch.load in hf_model_weights_iterator GSA_kwCzR0hTQS1yaDRqLTVyaHctaHI1NM4ABD24

pypi vllm
Moderate
about 1 year ago

vLLM Denial of Service via the best_of parameter GSA_kwCzR0hTQS13YzM2LTk2OTQtZjlyZs4AA_mw

pypi vllm
High
about 1 year ago

vLLM denial of service vulnerability GSA_kwCzR0hTQS13MnI3LTk1NzktMjdoZs4AA_m0

pypi vllm

Filter by Severity

Moderate 10 Critical 7 High 6 Low 2