Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/44390?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/44390?format=api", "purl": "pkg:pypi/vllm@0.7.2", "type": "pypi", "namespace": "", "name": "vllm", "version": "0.7.2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.20.0", "latest_non_vulnerable_version": "0.20.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47957?format=api", "vulnerability_id": "VCID-4e3e-evbg-skcu", "summary": "vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class\nA Server-Side Request Forgery (SSRF) vulnerability exists in the `MediaConnector` class within the vLLM project's multimodal feature set. The `load_from_url` and `load_from_url_async` methods fetch and process media from user-provided URLs without adequate restrictions on the target hosts. This allows an attacker to coerce the vLLM server into making arbitrary requests to internal network resources.\n\nThis vulnerability is particularly critical in containerized environments like `llm-d`, where a compromised vLLM pod could be used to scan the internal network, interact with other pods, and potentially cause denial of service or access sensitive data. 
For example, an attacker could make the vLLM pod send malicious requests to an internal `llm-d` management endpoint, leading to system instability by falsely reporting metrics like the KV cache state.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6242.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6242.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6242", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16544", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6242" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373716", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-07T19:55:28Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373716" }, { "reference_url": "https://github.com/vllm-project/vllm", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm" }, { "reference_url": "https://github.com/vllm-project/vllm/commit/9d9a2b77f19f68262d5e469c4e82c0f6365ad72d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm/commit/9d9a2b77f19f68262d5e469c4e82c0f6365ad72d" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3", "reference_id": "cpe:/a:redhat:ai_inference_server:3", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux_ai:1", "reference_id": "cpe:/a:redhat:enterprise_linux_ai:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux_ai:1" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-6242", "reference_id": "CVE-2025-6242", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-07T19:55:28Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-6242" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6242", "reference_id": "CVE-2025-6242", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6242" }, { "reference_url": "https://github.com/advisories/GHSA-3f6c-7fw2-ppm4", 
"reference_id": "GHSA-3f6c-7fw2-ppm4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3f6c-7fw2-ppm4" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-3f6c-7fw2-ppm4", "reference_id": "GHSA-3f6c-7fw2-ppm4", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-3f6c-7fw2-ppm4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23078", "reference_id": "RHSA-2025:23078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23079", "reference_id": "RHSA-2025:23079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23080", "reference_id": "RHSA-2025:23080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10184", "reference_id": "RHSA-2026:10184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19712", "reference_id": "RHSA-2026:19712", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19712" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3461", "reference_id": "RHSA-2026:3461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3461" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2026:3462", "reference_id": "RHSA-2026:3462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3713", "reference_id": "RHSA-2026:3713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3713" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46990?format=api", "purl": "pkg:pypi/vllm@0.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6td1-mwvq-u7a6" }, { "vulnerability": "VCID-b35p-p399-bqf7" }, { "vulnerability": "VCID-f8nw-x5ug-kfh7" }, { "vulnerability": "VCID-ffxe-muxd-p3b3" }, { "vulnerability": "VCID-ggsq-9qgx-vyf6" }, { "vulnerability": "VCID-jgbp-dwqq-dbdp" }, { "vulnerability": "VCID-m432-9c3w-4qan" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-nhwm-kq25-t3dt" }, { "vulnerability": "VCID-q8jt-32dy-w7cp" }, { "vulnerability": "VCID-reu9-dy33-z7ez" }, { "vulnerability": "VCID-wa8k-r4vp-e7hk" }, { "vulnerability": "VCID-z6u4-yvcm-gqhm" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.11.0" } ], "aliases": [ "CVE-2025-6242", "GHSA-3f6c-7fw2-ppm4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4e3e-evbg-skcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57364?format=api", "vulnerability_id": "VCID-54rz-whp1-kkhg", "summary": "vLLM vulnerable to Regular Expression Denial of Service\nA recent review identified several regular expressions in the vllm codebase that are susceptible to Regular Expression Denial of Service (ReDoS) attacks. 
These patterns, if fed with crafted or malicious input, may cause severe performance degradation due to catastrophic backtracking.", "references": [ { "reference_url": "https://github.com/vllm-project/vllm", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm" }, { "reference_url": "https://github.com/vllm-project/vllm/commit/4fc1bf813ad80172c1db31264beaef7d93fe0601", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm/commit/4fc1bf813ad80172c1db31264beaef7d93fe0601" }, { "reference_url": "https://github.com/vllm-project/vllm/pull/18454", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm/pull/18454" }, { "reference_url": "https://github.com/advisories/GHSA-j828-28rj-hfhp", "reference_id": "GHSA-j828-28rj-hfhp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j828-28rj-hfhp" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-j828-28rj-hfhp", "reference_id": "GHSA-j828-28rj-hfhp", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/vllm-project/vllm/security/advisories/GHSA-j828-28rj-hfhp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/45283?format=api", "purl": "pkg:pypi/vllm@0.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e3e-evbg-skcu" }, { "vulnerability": "VCID-5dbv-fmn5-qydp" }, { "vulnerability": "VCID-8eu5-rcfy-2ygn" }, { "vulnerability": "VCID-f8nw-x5ug-kfh7" }, { "vulnerability": "VCID-ffxe-muxd-p3b3" }, { "vulnerability": "VCID-ggsq-9qgx-vyf6" }, { "vulnerability": "VCID-jgbp-dwqq-dbdp" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-nhwm-kq25-t3dt" }, { "vulnerability": "VCID-q8jt-32dy-w7cp" }, { "vulnerability": "VCID-reu9-dy33-z7ez" }, { "vulnerability": "VCID-ut69-5v6z-dyd9" }, { "vulnerability": "VCID-wa8k-r4vp-e7hk" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.9.0" } ], "aliases": [ "GHSA-j828-28rj-hfhp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-54rz-whp1-kkhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57136?format=api", "vulnerability_id": "VCID-5c5b-q5we-mfdu", "summary": "vLLM vulnerable to Denial of Service by abusing xgrammar cache\nThis report is to highlight a vulnerability in XGrammar, a library used by the structured output feature in vLLM. The XGrammar advisory is here: https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-389x-67px-mjg3\n\nThe [xgrammar](https://xgrammar.mlc.ai/docs/) library is the default backend used by vLLM to support structured output (a.k.a. guided decoding). Xgrammar provides a required, built-in cache for its compiled grammars stored in RAM. 
xgrammar is available by default through the OpenAI compatible API server with both the V0 and V1 engines.\n\nA malicious user can send a stream of very short decoding requests with unique schemas, resulting in an addition to the cache for each request. This can result in a Denial of Service by consuming all of the system's RAM.\n\nNote that even if vLLM was configured to use a different backend by default, it is still possible to choose xgrammar on a per-request basis using the `guided_decoding_backend` key of the `extra_body` field of the request with the V0 engine. This per-request choice is not available when using the V1 engine.", "references": [ { "reference_url": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-389x-67px-mjg3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-389x-67px-mjg3" }, { "reference_url": "https://github.com/vllm-project/vllm", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm" }, { "reference_url": "https://github.com/vllm-project/vllm/commit/cb84e45ac75b42ba6795145923e8eb323bb825ad", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm/commit/cb84e45ac75b42ba6795145923e8eb323bb825ad" }, { "reference_url": 
"https://github.com/vllm-project/vllm/pull/16283", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm/pull/16283" }, { "reference_url": "https://github.com/advisories/GHSA-hf3c-wxg2-49q9", "reference_id": "GHSA-hf3c-wxg2-49q9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hf3c-wxg2-49q9" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hf3c-wxg2-49q9", "reference_id": "GHSA-hf3c-wxg2-49q9", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hf3c-wxg2-49q9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/45032?format=api", "purl": "pkg:pypi/vllm@0.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e3e-evbg-skcu" }, { "vulnerability": "VCID-54rz-whp1-kkhg" }, { "vulnerability": "VCID-5dbv-fmn5-qydp" }, { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-8eu5-rcfy-2ygn" }, { "vulnerability": "VCID-acke-grhk-37bc" }, { "vulnerability": "VCID-c8r5-ks1q-ekcu" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-f8nw-x5ug-kfh7" }, { "vulnerability": "VCID-ffxe-muxd-p3b3" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-ggsq-9qgx-vyf6" }, { "vulnerability": "VCID-jgbp-dwqq-dbdp" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-nhwm-kq25-t3dt" }, { "vulnerability": "VCID-q5vf-2w1m-4fb1" }, { "vulnerability": "VCID-q8jt-32dy-w7cp" }, { "vulnerability": 
"VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-reu9-dy33-z7ez" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-tcng-tr33-zqaa" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-ut69-5v6z-dyd9" }, { "vulnerability": "VCID-wa8k-r4vp-e7hk" }, { "vulnerability": "VCID-wgcp-nzu8-47dr" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.4" } ], "aliases": [ "GHSA-hf3c-wxg2-49q9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5c5b-q5we-mfdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47960?format=api", "vulnerability_id": "VCID-5dbv-fmn5-qydp", "summary": "vLLM is vulnerable to timing attack at bearer auth\nThe API key support in vLLM performed validation using a method that was vulnerable to a timing attack. This could potentially allow an attacker to discover a valid API key using an approach more efficient than brute force.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59425.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59425.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59425", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53554", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59425" }, { "reference_url": "https://github.com/vllm-project/vllm", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, 
{ "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm" }, { "reference_url": "https://github.com/vllm-project/vllm/blob/4b946d693e0af15740e9ca9c0e059d5f333b1083/vllm/entrypoints/openai/api_server.py#L1270-L1274", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T14:32:10Z/" } ], "url": "https://github.com/vllm-project/vllm/blob/4b946d693e0af15740e9ca9c0e059d5f333b1083/vllm/entrypoints/openai/api_server.py#L1270-L1274" }, { "reference_url": "https://github.com/vllm-project/vllm/commit/ee10d7e6ff5875386c7f136ce8b5f525c8fcef48", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T14:32:10Z/" } ], "url": "https://github.com/vllm-project/vllm/commit/ee10d7e6ff5875386c7f136ce8b5f525c8fcef48" }, { "reference_url": "https://github.com/vllm-project/vllm/releases/tag/v0.11.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T14:32:10Z/" } ], "url": "https://github.com/vllm-project/vllm/releases/tag/v0.11.0" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2397234", "reference_id": "2397234", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397234" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59425", "reference_id": "CVE-2025-59425", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59425" }, { "reference_url": "https://github.com/advisories/GHSA-wr9h-g72x-mwhm", "reference_id": "GHSA-wr9h-g72x-mwhm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wr9h-g72x-mwhm" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-wr9h-g72x-mwhm", "reference_id": "GHSA-wr9h-g72x-mwhm", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T14:32:10Z/" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-wr9h-g72x-mwhm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23078", "reference_id": "RHSA-2025:23078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23079", "reference_id": "RHSA-2025:23079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23079" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2025:23080", "reference_id": "RHSA-2025:23080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3461", "reference_id": "RHSA-2026:3461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3462", "reference_id": "RHSA-2026:3462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3713", "reference_id": "RHSA-2026:3713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3713" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3782", "reference_id": "RHSA-2026:3782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3782" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46990?format=api", "purl": "pkg:pypi/vllm@0.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6td1-mwvq-u7a6" }, { "vulnerability": "VCID-b35p-p399-bqf7" }, { "vulnerability": "VCID-f8nw-x5ug-kfh7" }, { "vulnerability": "VCID-ffxe-muxd-p3b3" }, { "vulnerability": "VCID-ggsq-9qgx-vyf6" }, { "vulnerability": "VCID-jgbp-dwqq-dbdp" }, { "vulnerability": "VCID-m432-9c3w-4qan" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-nhwm-kq25-t3dt" }, { "vulnerability": "VCID-q8jt-32dy-w7cp" }, { "vulnerability": "VCID-reu9-dy33-z7ez" }, { "vulnerability": "VCID-wa8k-r4vp-e7hk" }, { "vulnerability": "VCID-z6u4-yvcm-gqhm" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.11.0" } ], "aliases": [ "CVE-2025-59425", "GHSA-wr9h-g72x-mwhm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5dbv-fmn5-qydp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47955?format=api", "vulnerability_id": "VCID-8eu5-rcfy-2ygn", "summary": "vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server\nA resource-exhaustion (denial-of-service) vulnerability exists in multiple endpoints of the OpenAI-Compatible Server due to the ability to specify Jinja templates via the `chat_template` and `chat_template_kwargs` parameters. If an attacker can supply these parameters to the API, they can cause a service outage by exhausting CPU and/or memory resources.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61620.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61620.json" }, { "reference_url": "https://github.com/vllm-project/vllm", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm" }, { "reference_url": "https://github.com/vllm-project/vllm/commit/7977e5027c2250a4abc1f474c5619c40b4e5682f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm/commit/7977e5027c2250a4abc1f474c5619c40b4e5682f" }, { "reference_url": "https://github.com/vllm-project/vllm/pull/25794", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm/pull/25794" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401761", "reference_id": "2401761", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401761" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61620", "reference_id": "CVE-2025-61620", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61620" }, { "reference_url": "https://github.com/advisories/GHSA-6fvq-23cw-5628", "reference_id": "GHSA-6fvq-23cw-5628", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6fvq-23cw-5628" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-6fvq-23cw-5628", "reference_id": "GHSA-6fvq-23cw-5628", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-6fvq-23cw-5628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3461", "reference_id": "RHSA-2026:3461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3462", "reference_id": "RHSA-2026:3462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3462" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/46990?format=api", "purl": "pkg:pypi/vllm@0.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6td1-mwvq-u7a6" }, { "vulnerability": "VCID-b35p-p399-bqf7" }, { "vulnerability": "VCID-f8nw-x5ug-kfh7" }, { "vulnerability": "VCID-ffxe-muxd-p3b3" }, { "vulnerability": "VCID-ggsq-9qgx-vyf6" }, { "vulnerability": "VCID-jgbp-dwqq-dbdp" }, { "vulnerability": "VCID-m432-9c3w-4qan" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-nhwm-kq25-t3dt" }, { "vulnerability": "VCID-q8jt-32dy-w7cp" }, { "vulnerability": "VCID-reu9-dy33-z7ez" }, { "vulnerability": "VCID-wa8k-r4vp-e7hk" }, { "vulnerability": "VCID-z6u4-yvcm-gqhm" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.11.0" } ], "aliases": [ "CVE-2025-61620", "GHSA-6fvq-23cw-5628" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8eu5-rcfy-2ygn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57327?format=api", "vulnerability_id": "VCID-acke-grhk-37bc", "summary": "vLLM Allows Remote Code Execution via PyNcclPipe Communication Service\nvLLM supports the use of the `PyNcclPipe` class to establish a peer-to-peer communication domain for data transmission between distributed nodes. The GPU-side KV-Cache transmission is implemented through the `PyNcclCommunicator` class, while CPU-side control message passing is handled via the `send_obj` and `recv_obj` methods on the CPU side.\n\nA remote code execution vulnerability exists in the `PyNcclPipe` service. Attackers can exploit this by sending malicious serialized data to gain server control privileges.\n\nThe intention was that this interface should only be exposed to a private network using the IP address specified by the `--kv-ip` CLI parameter. 
The vLLM documentation covers how this must be limited to a secured network: https://docs.vllm.ai/en/latest/deployment/security.html\n\nUnfortunately, the default behavior from PyTorch is that the `TCPStore` interface will listen on ALL interfaces, regardless of what IP address is provided. The IP address given was only used as a client-side address to use. vLLM was fixed to use a workaround to force the `TCPStore` instance to bind its socket to a specified private interface.\n\nThis issue was reported privately to PyTorch and they determined that this behavior was intentional.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47277.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47277.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00865", "scoring_system": "epss", "scoring_elements": "0.75502", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47277" }, { "reference_url": "https://docs.vllm.ai/en/latest/deployment/security.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-20T17:52:22Z/" } ], "url": "https://docs.vllm.ai/en/latest/deployment/security.html" }, { "reference_url": "https://github.com/vllm-project/vllm", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm" }, { "reference_url": "https://github.com/vllm-project/vllm/commit/0d6e187e88874c39cda7409cf673f9e6546893e7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-20T17:52:22Z/" } ], "url": "https://github.com/vllm-project/vllm/commit/0d6e187e88874c39cda7409cf673f9e6546893e7" }, { "reference_url": "https://github.com/vllm-project/vllm/pull/15988", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-20T17:52:22Z/" } ], "url": "https://github.com/vllm-project/vllm/pull/15988" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367605", "reference_id": "2367605", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367605" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47277", "reference_id": "CVE-2025-47277", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47277" }, { "reference_url": "https://github.com/advisories/GHSA-hjq4-87xh-g4fv", "reference_id": 
"GHSA-hjq4-87xh-g4fv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hjq4-87xh-g4fv" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv", "reference_id": "GHSA-hjq4-87xh-g4fv", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-20T17:52:22Z/" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10403", "reference_id": "RHSA-2025:10403", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10403" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10404", "reference_id": "RHSA-2025:10404", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10404" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15832", "reference_id": "RHSA-2025:15832", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15832" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15836", "reference_id": "RHSA-2025:15836", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15836" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15837", "reference_id": "RHSA-2025:15837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15838", "reference_id": "RHSA-2025:15838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15838" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2025:15839", "reference_id": "RHSA-2025:15839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15840", "reference_id": "RHSA-2025:15840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15841", "reference_id": "RHSA-2025:15841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15842", "reference_id": "RHSA-2025:15842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15843", "reference_id": "RHSA-2025:15843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15867", "reference_id": "RHSA-2025:15867", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15867" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/45033?format=api", "purl": "pkg:pypi/vllm@0.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e3e-evbg-skcu" }, { "vulnerability": "VCID-54rz-whp1-kkhg" }, { "vulnerability": "VCID-5dbv-fmn5-qydp" }, { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-8eu5-rcfy-2ygn" }, { "vulnerability": "VCID-c8r5-ks1q-ekcu" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-f8nw-x5ug-kfh7" }, { "vulnerability": "VCID-ffxe-muxd-p3b3" }, { "vulnerability": "VCID-ggsq-9qgx-vyf6" }, { "vulnerability": "VCID-jgbp-dwqq-dbdp" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-nhwm-kq25-t3dt" }, { "vulnerability": "VCID-q8jt-32dy-w7cp" }, 
{ "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-reu9-dy33-z7ez" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-ut69-5v6z-dyd9" }, { "vulnerability": "VCID-wa8k-r4vp-e7hk" }, { "vulnerability": "VCID-wgcp-nzu8-47dr" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.5" } ], "aliases": [ "CVE-2025-47277", "GHSA-hjq4-87xh-g4fv" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-acke-grhk-37bc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56906?format=api", "vulnerability_id": "VCID-dng6-6nw2-vkgt", "summary": "vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object\nvllm-project vllm version 0.6.0 contains a vulnerability in the distributed training API. The function vllm.distributed.GroupCoordinator.recv_object() deserializes received object bytes using pickle.loads() without sanitization, leading to a remote code execution vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9052.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9052.json" }, { "reference_url": "https://github.com/github/advisory-database/pull/5444", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/github/advisory-database/pull/5444" }, { "reference_url": "https://github.com/vllm-project/vllm", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm" }, { "reference_url": "https://github.com/vllm-project/vllm/blob/32e7db25365415841ebc7c4215851743fbb1bad1/vllm/distributed/parallel_state.py#L480", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm/blob/32e7db25365415841ebc7c4215851743fbb1bad1/vllm/distributed/parallel_state.py#L480" }, { "reference_url": "https://github.com/vllm-project/vllm/blob/v0.8.1/vllm/distributed/parallel_state.py#L457", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm/blob/v0.8.1/vllm/distributed/parallel_state.py#L457" }, { "reference_url": "https://huntr.com/bounties/ea75728f-4efe-4a3d-9f53-33f2c908e9f8", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.com/bounties/ea75728f-4efe-4a3d-9f53-33f2c908e9f8" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353764", "reference_id": "2353764", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353764" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2024-9052", "reference_id": "CVE-2024-9052", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9052" }, { "reference_url": "https://github.com/advisories/GHSA-pgr7-mhp5-fgjp", "reference_id": "GHSA-pgr7-mhp5-fgjp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pgr7-mhp5-fgjp" } ], "fixed_packages": [], "aliases": [ "CVE-2024-9052", "GHSA-pgr7-mhp5-fgjp" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dng6-6nw2-vkgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37072?format=api", "vulnerability_id": "VCID-e8w2-9rwg-u7ba", "summary": "vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT (Time to First Token). These timing differences caused by matching chunks are significant enough to be recognized and exploited. 
This issue has been patched in version 0.9.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46570.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46570.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-46570", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39006", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-46570" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-53.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-53.yaml" }, { "reference_url": "https://github.com/vllm-project/vllm", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm" }, { "reference_url": "https://github.com/vllm-project/vllm/commit/77073c77bc2006eb80ea6d5128f076f5e6c6f54f", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T18:04:57Z/" } ], "url": "https://github.com/vllm-project/vllm/commit/77073c77bc2006eb80ea6d5128f076f5e6c6f54f" }, { "reference_url": "https://github.com/vllm-project/vllm/pull/17045", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T18:04:57Z/" } ], "url": "https://github.com/vllm-project/vllm/pull/17045" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-4qjh-9fv9-r85r", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T18:04:57Z/" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-4qjh-9fv9-r85r" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369223", "reference_id": "2369223", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369223" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46570", "reference_id": "CVE-2025-46570", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46570" }, { "reference_url": "https://github.com/advisories/GHSA-4qjh-9fv9-r85r", "reference_id": "GHSA-4qjh-9fv9-r85r", "reference_type": "", "scores": [], "url": 
"https://github.com/advisories/GHSA-4qjh-9fv9-r85r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/45283?format=api", "purl": "pkg:pypi/vllm@0.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e3e-evbg-skcu" }, { "vulnerability": "VCID-5dbv-fmn5-qydp" }, { "vulnerability": "VCID-8eu5-rcfy-2ygn" }, { "vulnerability": "VCID-f8nw-x5ug-kfh7" }, { "vulnerability": "VCID-ffxe-muxd-p3b3" }, { "vulnerability": "VCID-ggsq-9qgx-vyf6" }, { "vulnerability": "VCID-jgbp-dwqq-dbdp" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-nhwm-kq25-t3dt" }, { "vulnerability": "VCID-q8jt-32dy-w7cp" }, { "vulnerability": "VCID-reu9-dy33-z7ez" }, { "vulnerability": "VCID-ut69-5v6z-dyd9" }, { "vulnerability": "VCID-wa8k-r4vp-e7hk" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.9.0" } ], "aliases": [ "CVE-2025-46570", "GHSA-4qjh-9fv9-r85r", "PYSEC-2025-53" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e8w2-9rwg-u7ba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48422?format=api", "vulnerability_id": "VCID-f8nw-x5ug-kfh7", "summary": "vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs\nUsers can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct `ndim` but incorrect `shape` (e.g. hidden dimension is wrong), regardless of whether the model is intended to support such inputs (as defined in the Supported Models page).\n\nThe issue has existed ever since we added support for image embedding inputs, i.e. 
#6613 (released in v0.5.5)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62372.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62372.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62372", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25424", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62372" }, { "reference_url": "https://github.com/vllm-project/vllm", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm" }, { "reference_url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:07:55Z/" } ], "url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b" }, { "reference_url": 
"https://github.com/vllm-project/vllm/pull/27204", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:07:55Z/" } ], "url": "https://github.com/vllm-project/vllm/pull/27204" }, { "reference_url": "https://github.com/vllm-project/vllm/pull/6613", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:07:55Z/" } ], "url": "https://github.com/vllm-project/vllm/pull/6613" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416280", "reference_id": "2416280", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416280" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372", "reference_id": "CVE-2025-62372", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-62372" }, { "reference_url": "https://github.com/advisories/GHSA-pmqf-x6x8-p7qw", "reference_id": "GHSA-pmqf-x6x8-p7qw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pmqf-x6x8-p7qw" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw", "reference_id": "GHSA-pmqf-x6x8-p7qw", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:07:55Z/" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23204", "reference_id": "RHSA-2025:23204", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23204" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23205", "reference_id": "RHSA-2025:23205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23209", "reference_id": "RHSA-2025:23209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23209" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23449", "reference_id": "RHSA-2025:23449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23449" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2026:3461", "reference_id": "RHSA-2026:3461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3462", "reference_id": "RHSA-2026:3462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3462" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46991?format=api", "purl": "pkg:pypi/vllm@0.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6td1-mwvq-u7a6" }, { "vulnerability": "VCID-b35p-p399-bqf7" }, { "vulnerability": "VCID-ffxe-muxd-p3b3" }, { "vulnerability": "VCID-ggsq-9qgx-vyf6" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-q8jt-32dy-w7cp" }, { "vulnerability": "VCID-reu9-dy33-z7ez" }, { "vulnerability": "VCID-wa8k-r4vp-e7hk" }, { "vulnerability": "VCID-z6u4-yvcm-gqhm" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.11.1" } ], "aliases": [ "CVE-2025-62372", "GHSA-pmqf-x6x8-p7qw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f8nw-x5ug-kfh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63583?format=api", "vulnerability_id": "VCID-ffxe-muxd-p3b3", "summary": "vllm: vLLM: Denial of Service via excessively large 'n' parameter in OpenAI-compatible API", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34756.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34756.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34756", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1564", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34756" }, { "reference_url": "https://github.com/vllm-project/vllm", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm" }, { "reference_url": "https://github.com/vllm-project/vllm/commit/b111f8a61f100fdca08706f41f29ef3548de7380", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:16:25Z/" } ], "url": "https://github.com/vllm-project/vllm/commit/b111f8a61f100fdca08706f41f29ef3548de7380" }, { "reference_url": "https://github.com/vllm-project/vllm/pull/37952", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:16:25Z/" } ], "url": "https://github.com/vllm-project/vllm/pull/37952" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-3mwp-wvh9-7528", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { 
"value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:16:25Z/" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-3mwp-wvh9-7528" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34756", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34756" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455425", "reference_id": "2455425", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455425" }, { "reference_url": "https://github.com/advisories/GHSA-3mwp-wvh9-7528", "reference_id": "GHSA-3mwp-wvh9-7528", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3mwp-wvh9-7528" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49120?format=api", "purl": "pkg:pypi/vllm@0.19.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jzjy-kj6h-4bas" }, { "vulnerability": "VCID-reu9-dy33-z7ez" }, { "vulnerability": "VCID-wa8k-r4vp-e7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.19.0" } ], "aliases": [ "CVE-2026-34756", "GHSA-3mwp-wvh9-7528" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ffxe-muxd-p3b3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37051?format=api", "vulnerability_id": "VCID-fxgs-s1vm-8bez", "summary": "vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. 
Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerable sockets were set to listen on all network interfaces, increasing the likelihood that an attacker is able to reach the vulnerable ZeroMQ sockets to carry out an attack. vLLM instances that do not make use of the mooncake integration are not vulnerable. This issue has been patched in version 0.8.5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32444.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32444.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32444", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85579", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32444" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-42.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-42.yaml" }, { "reference_url": "https://github.com/vllm-project/vllm", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/vllm-project/vllm" }, { "reference_url": "https://github.com/vllm-project/vllm/blob/32b14baf8a1f7195ca09484de3008063569b43c5/vllm/distributed/kv_transfer/kv_pipe/mooncake_pipe.py#L179", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:08:21Z/" } ], "url": "https://github.com/vllm-project/vllm/blob/32b14baf8a1f7195ca09484de3008063569b43c5/vllm/distributed/kv_transfer/kv_pipe/mooncake_pipe.py#L179" }, { "reference_url": "https://github.com/vllm-project/vllm/commit/a5450f11c95847cf51a17207af9a3ca5ab569b2c", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:08:21Z/" } ], "url": "https://github.com/vllm-project/vllm/commit/a5450f11c95847cf51a17207af9a3ca5ab569b2c" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hj4w-hm2g-p6w5", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:08:21Z/" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hj4w-hm2g-p6w5" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:08:21Z/" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363024", "reference_id": "2363024", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363024" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32444", "reference_id": "CVE-2025-32444", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-32444" }, { "reference_url": "https://github.com/advisories/GHSA-hj4w-hm2g-p6w5", "reference_id": "GHSA-hj4w-hm2g-p6w5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hj4w-hm2g-p6w5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/45033?format=api", "purl": "pkg:pypi/vllm@0.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e3e-evbg-skcu" }, { "vulnerability": "VCID-54rz-whp1-kkhg" }, { "vulnerability": "VCID-5dbv-fmn5-qydp" }, { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-8eu5-rcfy-2ygn" }, { "vulnerability": "VCID-c8r5-ks1q-ekcu" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-f8nw-x5ug-kfh7" }, { "vulnerability": "VCID-ffxe-muxd-p3b3" }, { "vulnerability": "VCID-ggsq-9qgx-vyf6" }, { "vulnerability": "VCID-jgbp-dwqq-dbdp" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-nhwm-kq25-t3dt" }, { "vulnerability": "VCID-q8jt-32dy-w7cp" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-reu9-dy33-z7ez" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-ut69-5v6z-dyd9" }, { "vulnerability": "VCID-wa8k-r4vp-e7hk" }, { "vulnerability": "VCID-wgcp-nzu8-47dr" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.5" } ], "aliases": [ "CVE-2025-32444", "GHSA-hj4w-hm2g-p6w5", "PYSEC-2025-42" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fxgs-s1vm-8bez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49873?format=api", "vulnerability_id": "VCID-ggsq-9qgx-vyf6", "summary": "vLLM vulnerable to Server-Side Request Forgery (SSRF) through MediaConnector\nA Server-Side Request Forgery (SSRF) 
vulnerability exists in the `MediaConnector` class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods obtain and process media from URLs provided by users, using different Python parsing libraries when restricting the target host. These two parsing libraries have different interpretations of backslashes, which allows the host name restriction to be bypassed. This allows an attacker to coerce the vLLM server into making arbitrary requests to internal network resources.\n\nThis vulnerability is particularly critical in containerized environments like `llm-d`, where a compromised vLLM pod could be used to scan the internal network, interact with other pods, and potentially cause Denial of Service or access sensitive data. For example, an attacker could make the vLLM pod send malicious requests to an internal `llm-d` management endpoint, leading to system instability by falsely reporting metrics like the KV cache state.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24779.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24779.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24779", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11693", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24779" }, { "reference_url": "https://github.com/vllm-project/vllm", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/vllm-project/vllm" }, { "reference_url": "https://github.com/vllm-project/vllm/commit/f46d576c54fb8aeec5fc70560e850bed38ef17d7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T21:10:30Z/" } ], "url": "https://github.com/vllm-project/vllm/commit/f46d576c54fb8aeec5fc70560e850bed38ef17d7" }, { "reference_url": "https://github.com/vllm-project/vllm/pull/32746", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T21:10:30Z/" } ], "url": "https://github.com/vllm-project/vllm/pull/32746" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433624", "reference_id": "2433624", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433624" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24779", "reference_id": "CVE-2026-24779", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24779" }, { "reference_url": "https://github.com/advisories/GHSA-qh4c-xf7m-gxfc", "reference_id": "GHSA-qh4c-xf7m-gxfc", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": 
"https://github.com/advisories/GHSA-qh4c-xf7m-gxfc" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc", "reference_id": "GHSA-qh4c-xf7m-gxfc", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T21:10:30Z/" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10184", "reference_id": "RHSA-2026:10184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19712", "reference_id": "RHSA-2026:19712", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19712" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3461", "reference_id": "RHSA-2026:3461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3462", "reference_id": "RHSA-2026:3462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3782", "reference_id": "RHSA-2026:3782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3782" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49112?format=api", "purl": "pkg:pypi/vllm@0.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6td1-mwvq-u7a6" }, { "vulnerability": "VCID-ffxe-muxd-p3b3" 
}, { "vulnerability": "VCID-reu9-dy33-z7ez" }, { "vulnerability": "VCID-wa8k-r4vp-e7hk" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.14.1" } ], "aliases": [ "CVE-2026-24779", "GHSA-qh4c-xf7m-gxfc" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ggsq-9qgx-vyf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49316?format=api", "vulnerability_id": "VCID-jgbp-dwqq-dbdp", "summary": "vLLM vulnerable to remote code execution via transformers_utils/get_config\n`vllm` has a critical remote code execution vector in a config class named `Nemotron_Nano_VL_Config`. When `vllm` loads a model config that contains an `auto_map` entry, the config class resolves that mapping with `get_class_from_dynamic_module(...)` and immediately instantiates the returned class. This fetches and executes Python from the remote repository referenced in the `auto_map` string. Crucially, this happens even when the caller explicitly sets `trust_remote_code=False` in `vllm.transformers_utils.config.get_config`. 
In practice, an attacker can publish a benign-looking frontend repo whose `config.json` points via `auto_map` to a separate malicious backend repo; loading the frontend will silently run the backend’s code on the victim host.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66448.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66448.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66448", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.14241", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66448" }, { "reference_url": "https://github.com/vllm-project/vllm", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm" }, { "reference_url": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-02T14:14:49Z/" } ], "url": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86" }, { "reference_url": "https://github.com/vllm-project/vllm/pull/28126", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-02T14:14:49Z/" } ], "url": "https://github.com/vllm-project/vllm/pull/28126" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418152", "reference_id": "2418152", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418152" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448", "reference_id": "CVE-2025-66448", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448" }, { "reference_url": "https://github.com/advisories/GHSA-8fr4-5q9j-m8gm", "reference_id": "GHSA-8fr4-5q9j-m8gm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8fr4-5q9j-m8gm" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm", "reference_id": "GHSA-8fr4-5q9j-m8gm", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-02T14:14:49Z/" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2025:23078", "reference_id": "RHSA-2025:23078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23079", "reference_id": "RHSA-2025:23079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23080", "reference_id": "RHSA-2025:23080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23204", "reference_id": "RHSA-2025:23204", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23204" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23205", "reference_id": "RHSA-2025:23205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23209", "reference_id": "RHSA-2025:23209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23209" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23449", "reference_id": "RHSA-2025:23449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19712", "reference_id": "RHSA-2026:19712", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19712" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3461", "reference_id": "RHSA-2026:3461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3462", "reference_id": "RHSA-2026:3462", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2026:3462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3713", "reference_id": "RHSA-2026:3713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3713" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3782", "reference_id": "RHSA-2026:3782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3782" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46991?format=api", "purl": "pkg:pypi/vllm@0.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6td1-mwvq-u7a6" }, { "vulnerability": "VCID-b35p-p399-bqf7" }, { "vulnerability": "VCID-ffxe-muxd-p3b3" }, { "vulnerability": "VCID-ggsq-9qgx-vyf6" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-q8jt-32dy-w7cp" }, { "vulnerability": "VCID-reu9-dy33-z7ez" }, { "vulnerability": "VCID-wa8k-r4vp-e7hk" }, { "vulnerability": "VCID-z6u4-yvcm-gqhm" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.11.1" } ], "aliases": [ "CVE-2025-66448", "GHSA-8fr4-5q9j-m8gm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jgbp-dwqq-dbdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36994?format=api", "vulnerability_id": "VCID-k1qz-xe9c-2bg3", "summary": "vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. The outlines library is one of the backends used by vLLM to support structured output (a.k.a. guided decoding). Outlines provides an optional cache for its compiled grammars on the local filesystem. This cache has been on by default in vLLM. Outlines is also available by default through the OpenAI compatible API server. 
The affected code in vLLM is vllm/model_executor/guided_decoding/outlines_logits_processors.py, which unconditionally uses the cache from outlines. A malicious user can send a stream of very short decoding requests with unique schemas, resulting in an addition to the cache for each request. This can result in a Denial of Service if the filesystem runs out of space. Note that even if vLLM was configured to use a different backend by default, it is still possible to choose outlines on a per-request basis using the guided_decoding_backend key of the extra_body field of the request. This issue applies only to the V0 engine and is fixed in 0.8.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-29770.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-29770.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-29770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00658", "scoring_system": "epss", "scoring_elements": "0.71497", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-29770" }, { "reference_url": "https://github.com/vllm-project/vllm", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm" }, { "reference_url": "https://github.com/vllm-project/vllm/blob/53be4a863486d02bd96a59c674bbec23eec508f6/vllm/model_executor/guided_decoding/outlines_logits_processors.py", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T20:14:04Z/" } ], "url": "https://github.com/vllm-project/vllm/blob/53be4a863486d02bd96a59c674bbec23eec508f6/vllm/model_executor/guided_decoding/outlines_logits_processors.py" }, { "reference_url": "https://github.com/vllm-project/vllm/pull/14837", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T20:14:04Z/" } ], "url": "https://github.com/vllm-project/vllm/pull/14837" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mgrm-fgjv-mhv8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T20:14:04Z/" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mgrm-fgjv-mhv8" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353368", "reference_id": "2353368", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353368" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29770", "reference_id": "CVE-2025-29770", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { 
"value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29770" }, { "reference_url": "https://github.com/advisories/GHSA-mgrm-fgjv-mhv8", "reference_id": "GHSA-mgrm-fgjv-mhv8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mgrm-fgjv-mhv8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/44634?format=api", "purl": "pkg:pypi/vllm@0.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e3e-evbg-skcu" }, { "vulnerability": "VCID-54rz-whp1-kkhg" }, { "vulnerability": "VCID-5c5b-q5we-mfdu" }, { "vulnerability": "VCID-5dbv-fmn5-qydp" }, { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-8eu5-rcfy-2ygn" }, { "vulnerability": "VCID-acke-grhk-37bc" }, { "vulnerability": "VCID-c8r5-ks1q-ekcu" }, { "vulnerability": "VCID-dng6-6nw2-vkgt" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-f8nw-x5ug-kfh7" }, { "vulnerability": "VCID-ffxe-muxd-p3b3" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-ggsq-9qgx-vyf6" }, { "vulnerability": "VCID-jgbp-dwqq-dbdp" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-nhwm-kq25-t3dt" }, { "vulnerability": "VCID-q5vf-2w1m-4fb1" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-reu9-dy33-z7ez" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-tcng-tr33-zqaa" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-ut69-5v6z-dyd9" }, { "vulnerability": "VCID-wa8k-r4vp-e7hk" }, { "vulnerability": "VCID-wgcp-nzu8-47dr" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.0" } ], "aliases": [ "CVE-2025-29770", "GHSA-mgrm-fgjv-mhv8", "PYSEC-2025-223" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-k1qz-xe9c-2bg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37179?format=api", "vulnerability_id": "VCID-nctw-rz8h-f3af", "summary": "vLLM is an inference and serving engine for large language models (LLMs). In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimension mismatch that results in an unhandled runtime error, leading to complete server termination. This issue has been patched in version 0.12.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22773.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22773.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07112", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22773" }, { "reference_url": "https://github.com/vllm-project/vllm", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm" }, { "reference_url": "https://github.com/vllm-project/vllm/commit/0ec84221718d920c3f46da879cc354f94b8fb59e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { 
"value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm/commit/0ec84221718d920c3f46da879cc354f94b8fb59e" }, { "reference_url": "https://github.com/vllm-project/vllm/pull/29881", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm/pull/29881" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-grg2-63fw-f2qr", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T13:22:42Z/" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-grg2-63fw-f2qr" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428443", "reference_id": "2428443", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428443" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22773", "reference_id": "CVE-2026-22773", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22773" }, { "reference_url": 
"https://github.com/advisories/GHSA-grg2-63fw-f2qr", "reference_id": "GHSA-grg2-63fw-f2qr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-grg2-63fw-f2qr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10184", "reference_id": "RHSA-2026:10184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3461", "reference_id": "RHSA-2026:3461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3462", "reference_id": "RHSA-2026:3462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3462" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46993?format=api", "purl": "pkg:pypi/vllm@0.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6td1-mwvq-u7a6" }, { "vulnerability": "VCID-b35p-p399-bqf7" }, { "vulnerability": "VCID-ffxe-muxd-p3b3" }, { "vulnerability": "VCID-ggsq-9qgx-vyf6" }, { "vulnerability": "VCID-q8jt-32dy-w7cp" }, { "vulnerability": "VCID-reu9-dy33-z7ez" }, { "vulnerability": "VCID-wa8k-r4vp-e7hk" }, { "vulnerability": "VCID-z6u4-yvcm-gqhm" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.12.0" } ], "aliases": [ "CVE-2026-22773", "GHSA-grg2-63fw-f2qr", "PYSEC-2026-143" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nctw-rz8h-f3af" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48434?format=api", "vulnerability_id": "VCID-nhwm-kq25-t3dt", "summary": "vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with 
specially crafted `chat_template_kwargs`\nThe /v1/chat/completions and /tokenize endpoints allow a `chat_template_kwargs` request parameter that is used in the code before it is properly validated against the chat template. With the right `chat_template_kwargs` parameters, it is possible to block processing of the API server for long periods of time, delaying all other requests", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62426.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62426.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62426", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25429", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62426" }, { "reference_url": "https://github.com/vllm-project/vllm", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm" }, { "reference_url": "https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/chat_utils.py#L1602-L1610", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:12:00Z/" } ], "url": 
"https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/chat_utils.py#L1602-L1610" }, { "reference_url": "https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/openai/serving_engine.py#L809-L814", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:12:00Z/" } ], "url": "https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/openai/serving_engine.py#L809-L814" }, { "reference_url": "https://github.com/vllm-project/vllm/commit/3ada34f9cb4d1af763fdfa3b481862a93eb6bd2b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:12:00Z/" } ], "url": "https://github.com/vllm-project/vllm/commit/3ada34f9cb4d1af763fdfa3b481862a93eb6bd2b" }, { "reference_url": "https://github.com/vllm-project/vllm/pull/27205", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:12:00Z/" } ], "url": "https://github.com/vllm-project/vllm/pull/27205" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2416278", "reference_id": "2416278", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416278" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62426", "reference_id": "CVE-2025-62426", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62426" }, { "reference_url": "https://github.com/advisories/GHSA-69j4-grxj-j64p", "reference_id": "GHSA-69j4-grxj-j64p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-69j4-grxj-j64p" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-69j4-grxj-j64p", "reference_id": "GHSA-69j4-grxj-j64p", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:12:00Z/" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-69j4-grxj-j64p" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3461", "reference_id": "RHSA-2026:3461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3462", "reference_id": "RHSA-2026:3462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3462" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/46991?format=api", "purl": "pkg:pypi/vllm@0.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6td1-mwvq-u7a6" }, { "vulnerability": "VCID-b35p-p399-bqf7" }, { "vulnerability": "VCID-ffxe-muxd-p3b3" }, { "vulnerability": "VCID-ggsq-9qgx-vyf6" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-q8jt-32dy-w7cp" }, { "vulnerability": "VCID-reu9-dy33-z7ez" }, { "vulnerability": "VCID-wa8k-r4vp-e7hk" }, { "vulnerability": "VCID-z6u4-yvcm-gqhm" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.11.1" } ], "aliases": [ "CVE-2025-62426", "GHSA-69j4-grxj-j64p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nhwm-kq25-t3dt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57173?format=api", "vulnerability_id": "VCID-prmn-2c4w-uuh5", "summary": "CVE-2025-24357 Malicious model remote code execution fix bypass with PyTorch < 2.6.0\nhttps://github.com/vllm-project/vllm/security/advisories/GHSA-rh4j-5rhw-hr54 reported a vulnerability where loading a malicious model could result in code execution on the vllm host. 
The fix applied to specify `weights_only=True` to calls to `torch.load()` did not solve the problem prior to PyTorch 2.6.0.\n\nPyTorch has issued a new CVE about this problem: https://github.com/advisories/GHSA-53q9-r3pm-6pq6\n\nThis means that versions of vLLM using PyTorch before 2.6.0 are vulnerable to this problem.", "references": [ { "reference_url": "https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6" }, { "reference_url": "https://github.com/vllm-project/vllm", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rh4j-5rhw-hr54", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rh4j-5rhw-hr54" }, { "reference_url": "https://github.com/advisories/GHSA-ggpf-24jw-3fcw", "reference_id": "GHSA-ggpf-24jw-3fcw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ggpf-24jw-3fcw" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-ggpf-24jw-3fcw", "reference_id": "GHSA-ggpf-24jw-3fcw", "reference_type": "", "scores": [ { "value": "9.8", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-ggpf-24jw-3fcw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/44634?format=api", "purl": "pkg:pypi/vllm@0.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e3e-evbg-skcu" }, { "vulnerability": "VCID-54rz-whp1-kkhg" }, { "vulnerability": "VCID-5c5b-q5we-mfdu" }, { "vulnerability": "VCID-5dbv-fmn5-qydp" }, { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-8eu5-rcfy-2ygn" }, { "vulnerability": "VCID-acke-grhk-37bc" }, { "vulnerability": "VCID-c8r5-ks1q-ekcu" }, { "vulnerability": "VCID-dng6-6nw2-vkgt" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-f8nw-x5ug-kfh7" }, { "vulnerability": "VCID-ffxe-muxd-p3b3" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-ggsq-9qgx-vyf6" }, { "vulnerability": "VCID-jgbp-dwqq-dbdp" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-nhwm-kq25-t3dt" }, { "vulnerability": "VCID-q5vf-2w1m-4fb1" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-reu9-dy33-z7ez" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-tcng-tr33-zqaa" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-ut69-5v6z-dyd9" }, { "vulnerability": "VCID-wa8k-r4vp-e7hk" }, { "vulnerability": "VCID-wgcp-nzu8-47dr" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.0" } ], "aliases": [ "GHSA-ggpf-24jw-3fcw" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-prmn-2c4w-uuh5" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/57230?format=api", "vulnerability_id": "VCID-q5vf-2w1m-4fb1", "summary": "Data exposure via ZeroMQ on multi-node vLLM deployment\nIn a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-node communication purposes. The primary vLLM host opens an `XPUB` ZeroMQ socket and binds it to ALL interfaces. While the socket is always opened for a multi-node deployment, it is only used when doing tensor parallelism across multiple hosts.\n\nAny client with network access to this host can connect to this `XPUB` socket unless its port is blocked by a firewall. Once connected, these arbitrary clients will receive all of the same data broadcasted to all of the secondary vLLM hosts. This data is internal vLLM state information that is not useful to an attacker.\n\nBy potentially connecting to this socket many times and not reading data published to them, an attacker can also cause a denial of service by slowing down or potentially blocking the publisher.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30202.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30202.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.6385", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30202" }, { "reference_url": "https://github.com/vllm-project/vllm", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm" }, { "reference_url": "https://github.com/vllm-project/vllm/commit/a0304dc504c85f421d38ef47c64f83046a13641c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T13:16:29Z/" } ], "url": "https://github.com/vllm-project/vllm/commit/a0304dc504c85f421d38ef47c64f83046a13641c" }, { "reference_url": "https://github.com/vllm-project/vllm/pull/17197", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm/pull/17197" }, { "reference_url": "https://github.com/vllm-project/vllm/pull/6183", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T13:16:29Z/" } ], "url": "https://github.com/vllm-project/vllm/pull/6183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355251", "reference_id": "2355251", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355251" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30202", "reference_id": "CVE-2025-30202", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30202" }, { "reference_url": "https://github.com/advisories/GHSA-9f8f-2vmf-885j", "reference_id": "GHSA-9f8f-2vmf-885j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9f8f-2vmf-885j" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-9f8f-2vmf-885j", "reference_id": "GHSA-9f8f-2vmf-885j", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T13:16:29Z/" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-9f8f-2vmf-885j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/45033?format=api", "purl": "pkg:pypi/vllm@0.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e3e-evbg-skcu" }, { "vulnerability": "VCID-54rz-whp1-kkhg" }, { "vulnerability": "VCID-5dbv-fmn5-qydp" }, { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-8eu5-rcfy-2ygn" }, { "vulnerability": "VCID-c8r5-ks1q-ekcu" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-f8nw-x5ug-kfh7" }, { "vulnerability": "VCID-ffxe-muxd-p3b3" }, { "vulnerability": "VCID-ggsq-9qgx-vyf6" }, { "vulnerability": "VCID-jgbp-dwqq-dbdp" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-nhwm-kq25-t3dt" }, { "vulnerability": "VCID-q8jt-32dy-w7cp" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-reu9-dy33-z7ez" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": 
"VCID-ut69-5v6z-dyd9" }, { "vulnerability": "VCID-wa8k-r4vp-e7hk" }, { "vulnerability": "VCID-wgcp-nzu8-47dr" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.5" } ], "aliases": [ "CVE-2025-30202", "GHSA-9f8f-2vmf-885j" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q5vf-2w1m-4fb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61813?format=api", "vulnerability_id": "VCID-reu9-dy33-z7ez", "summary": "vllm: vllm: Uninitialized resource in KV Block Handler via has_mamba_layers function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7141.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7141.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-7141", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22776", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-7141" }, { "reference_url": "https://github.com/AjAnubolu/vllm/commit/1ad67864c0c20f167929e64c875f5c28e1aad9fd", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:41:12Z/" } ], "url": "https://github.com/AjAnubolu/vllm/commit/1ad67864c0c20f167929e64c875f5c28e1aad9fd" }, { "reference_url": "https://github.com/vllm-project/vllm/issues/39146", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:41:12Z/" } ], "url": "https://github.com/vllm-project/vllm/issues/39146" }, { "reference_url": "https://github.com/vllm-project/vllm/issues/39146#issue-4215090365", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", 
"scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:41:12Z/" } ], "url": "https://github.com/vllm-project/vllm/issues/39146#issue-4215090365" }, { "reference_url": "https://github.com/vllm-project/vllm/pull/39283", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { 
"value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:41:12Z/" } ], "url": "https://github.com/vllm-project/vllm/pull/39283" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7141", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7141" }, { "reference_url": "https://vuldb.com/submit/801297", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:41:12Z/" } ], "url": "https://vuldb.com/submit/801297" }, { "reference_url": "https://vuldb.com/vuln/359740", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", 
"scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:41:12Z/" } ], "url": "https://vuldb.com/vuln/359740" }, { "reference_url": "https://vuldb.com/vuln/359740/cti", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:41:12Z/" } ], "url": "https://vuldb.com/vuln/359740/cti" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463365", "reference_id": "2463365", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463365" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-x368-4g9h-fvv4", "reference_id": "GHSA-x368-4g9h-fvv4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x368-4g9h-fvv4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50314?format=api", "purl": "pkg:pypi/vllm@0.19.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jzjy-kj6h-4bas" }, { "vulnerability": "VCID-wa8k-r4vp-e7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.19.1" } ], "aliases": [ "CVE-2026-7141", "GHSA-x368-4g9h-fvv4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-reu9-dy33-z7ez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37071?format=api", "vulnerability_id": "VCID-svzy-7pke-2bdr", "summary": "vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its image hashing method. 
Currently, it serializes PIL.Image.Image objects using only obj.tobytes(), which returns only the raw pixel data, without including metadata such as the image’s shape (width, height, mode). As a result, two images of different sizes (e.g., 30x100 and 100x30) with the same pixel byte sequence could generate the same hash value. This may lead to hash collisions, incorrect cache hits, and even data leakage or security risks. This issue has been patched in version 0.9.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46722.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46722.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-46722", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.46088", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-46722" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-43.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-43.yaml" }, { "reference_url": "https://github.com/vllm-project/vllm", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm" }, { 
"reference_url": "https://github.com/vllm-project/vllm/commit/99404f53c72965b41558aceb1bc2380875f5d848", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T18:12:29Z/" } ], "url": "https://github.com/vllm-project/vllm/commit/99404f53c72965b41558aceb1bc2380875f5d848" }, { "reference_url": "https://github.com/vllm-project/vllm/pull/17378", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T18:12:29Z/" } ], "url": "https://github.com/vllm-project/vllm/pull/17378" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-c65p-x677-fgj6", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T18:12:29Z/" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-c65p-x677-fgj6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369221", "reference_id": "2369221", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369221" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46722", "reference_id": "CVE-2025-46722", 
"reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46722" }, { "reference_url": "https://github.com/advisories/GHSA-c65p-x677-fgj6", "reference_id": "GHSA-c65p-x677-fgj6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-c65p-x677-fgj6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/45283?format=api", "purl": "pkg:pypi/vllm@0.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e3e-evbg-skcu" }, { "vulnerability": "VCID-5dbv-fmn5-qydp" }, { "vulnerability": "VCID-8eu5-rcfy-2ygn" }, { "vulnerability": "VCID-f8nw-x5ug-kfh7" }, { "vulnerability": "VCID-ffxe-muxd-p3b3" }, { "vulnerability": "VCID-ggsq-9qgx-vyf6" }, { "vulnerability": "VCID-jgbp-dwqq-dbdp" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-nhwm-kq25-t3dt" }, { "vulnerability": "VCID-q8jt-32dy-w7cp" }, { "vulnerability": "VCID-reu9-dy33-z7ez" }, { "vulnerability": "VCID-ut69-5v6z-dyd9" }, { "vulnerability": "VCID-wa8k-r4vp-e7hk" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.9.0" } ], "aliases": [ "CVE-2025-46722", "GHSA-c65p-x677-fgj6", "PYSEC-2025-43" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-svzy-7pke-2bdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36995?format=api", "vulnerability_id": "VCID-u659-sd9h-tkf3", "summary": "vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. 
When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP on all network interfaces will allow attackers to execute remote code on distributed hosts. This is a remote code execution vulnerability impacting any deployments using Mooncake to distribute KV across distributed hosts. This vulnerability is fixed in 0.8.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-29783.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-29783.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-29783", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02122", "scoring_system": "epss", "scoring_elements": "0.84487", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-29783" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-63.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-63.yaml" }, { "reference_url": "https://github.com/vllm-project/vllm", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm" }, { "reference_url": "https://github.com/vllm-project/vllm/commit/288ca110f68d23909728627d3100e5a8db820aa2", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-19T18:30:27Z/" } ], "url": "https://github.com/vllm-project/vllm/commit/288ca110f68d23909728627d3100e5a8db820aa2" }, { "reference_url": "https://github.com/vllm-project/vllm/pull/14228", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-19T18:30:27Z/" } ], "url": "https://github.com/vllm-project/vllm/pull/14228" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-19T18:30:27Z/" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353374", 
"reference_id": "2353374", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353374" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29783", "reference_id": "CVE-2025-29783", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29783" }, { "reference_url": "https://github.com/advisories/GHSA-x3m8-f7g5-qhm7", "reference_id": "GHSA-x3m8-f7g5-qhm7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x3m8-f7g5-qhm7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/44634?format=api", "purl": "pkg:pypi/vllm@0.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e3e-evbg-skcu" }, { "vulnerability": "VCID-54rz-whp1-kkhg" }, { "vulnerability": "VCID-5c5b-q5we-mfdu" }, { "vulnerability": "VCID-5dbv-fmn5-qydp" }, { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-8eu5-rcfy-2ygn" }, { "vulnerability": "VCID-acke-grhk-37bc" }, { "vulnerability": "VCID-c8r5-ks1q-ekcu" }, { "vulnerability": "VCID-dng6-6nw2-vkgt" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-f8nw-x5ug-kfh7" }, { "vulnerability": "VCID-ffxe-muxd-p3b3" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-ggsq-9qgx-vyf6" }, { "vulnerability": "VCID-jgbp-dwqq-dbdp" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-nhwm-kq25-t3dt" }, { "vulnerability": "VCID-q5vf-2w1m-4fb1" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-reu9-dy33-z7ez" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-tcng-tr33-zqaa" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-ut69-5v6z-dyd9" }, { "vulnerability": 
"VCID-wa8k-r4vp-e7hk" }, { "vulnerability": "VCID-wgcp-nzu8-47dr" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.0" } ], "aliases": [ "CVE-2025-29783", "GHSA-x3m8-f7g5-qhm7", "PYSEC-2025-63" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u659-sd9h-tkf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37074?format=api", "vulnerability_id": "VCID-ugds-eqgw-fbbz", "summary": "vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression Denial of Service (ReDoS) vulnerability in the file `vllm/entrypoints/openai/tool_parsers/pythonic_tool_parser.py` of versions 0.6.4 up to but excluding 0.9.0. The root cause is the use of a highly complex and nested regular expression for tool call detection, which can be exploited by an attacker to cause severe performance degradation or make the service unavailable. The pattern contains multiple nested quantifiers, optional groups, and inner repetitions which make it vulnerable to catastrophic backtracking. 
Version 0.9.0 contains a patch for the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48887.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48887.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48887", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57367", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48887" }, { "reference_url": "https://github.com/vllm-project/vllm/commit/4fc1bf813ad80172c1db31264beaef7d93fe0601", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T17:58:00Z/" } ], "url": "https://github.com/vllm-project/vllm/commit/4fc1bf813ad80172c1db31264beaef7d93fe0601" }, { "reference_url": "https://github.com/vllm-project/vllm/pull/18454", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T17:58:00Z/" } ], "url": "https://github.com/vllm-project/vllm/pull/18454" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-w6q7-j642-7c25", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T17:58:00Z/" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-w6q7-j642-7c25" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369467", "reference_id": "2369467", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369467" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/45283?format=api", "purl": "pkg:pypi/vllm@0.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e3e-evbg-skcu" }, { "vulnerability": "VCID-5dbv-fmn5-qydp" }, { "vulnerability": "VCID-8eu5-rcfy-2ygn" }, { "vulnerability": "VCID-f8nw-x5ug-kfh7" }, { "vulnerability": "VCID-ffxe-muxd-p3b3" }, { "vulnerability": "VCID-ggsq-9qgx-vyf6" }, { "vulnerability": "VCID-jgbp-dwqq-dbdp" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-nhwm-kq25-t3dt" }, { "vulnerability": "VCID-q8jt-32dy-w7cp" }, { "vulnerability": "VCID-reu9-dy33-z7ez" }, { "vulnerability": "VCID-ut69-5v6z-dyd9" }, { "vulnerability": "VCID-wa8k-r4vp-e7hk" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.9.0" } ], "aliases": [ "CVE-2025-48887", "PYSEC-2025-50" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ugds-eqgw-fbbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57927?format=api", "vulnerability_id": "VCID-ut69-5v6z-dyd9", "summary": "vllm API endpoints vulnerable to Denial of Service Attacks\nA Denial of Service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. 
The attack does not require authentication, making it exploitable by any remote user.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48956.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48956.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48956", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54171", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48956" }, { "reference_url": "https://github.com/vllm-project/vllm", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm" }, { "reference_url": "https://github.com/vllm-project/vllm/commit/d8b736f913a59117803d6701521d2e4861701944", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-21T15:01:51Z/" } ], "url": "https://github.com/vllm-project/vllm/commit/d8b736f913a59117803d6701521d2e4861701944" }, { "reference_url": "https://github.com/vllm-project/vllm/pull/23267", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", 
"scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-21T15:01:51Z/" } ], "url": "https://github.com/vllm-project/vllm/pull/23267" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372522", "reference_id": "2372522", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372522" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48956", "reference_id": "CVE-2025-48956", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48956" }, { "reference_url": "https://github.com/advisories/GHSA-rxc4-3w6r-4v47", "reference_id": "GHSA-rxc4-3w6r-4v47", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rxc4-3w6r-4v47" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rxc4-3w6r-4v47", "reference_id": "GHSA-rxc4-3w6r-4v47", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-21T15:01:51Z/" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rxc4-3w6r-4v47" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19421", "reference_id": "RHSA-2025:19421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19422", "reference_id": "RHSA-2025:19422", "reference_type": "", "scores": [], 
"url": "https://access.redhat.com/errata/RHSA-2025:19422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19423", "reference_id": "RHSA-2025:19423", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19423" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19424", "reference_id": "RHSA-2025:19424", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19424" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19425", "reference_id": "RHSA-2025:19425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19425" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19426", "reference_id": "RHSA-2025:19426", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19426" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19427", "reference_id": "RHSA-2025:19427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19428", "reference_id": "RHSA-2025:19428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19429", "reference_id": "RHSA-2025:19429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19430", "reference_id": "RHSA-2025:19430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3713", "reference_id": "RHSA-2026:3713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3713" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46988?format=api", "purl": 
"pkg:pypi/vllm@0.10.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e3e-evbg-skcu" }, { "vulnerability": "VCID-5dbv-fmn5-qydp" }, { "vulnerability": "VCID-6td1-mwvq-u7a6" }, { "vulnerability": "VCID-8eu5-rcfy-2ygn" }, { "vulnerability": "VCID-b35p-p399-bqf7" }, { "vulnerability": "VCID-f8nw-x5ug-kfh7" }, { "vulnerability": "VCID-ffxe-muxd-p3b3" }, { "vulnerability": "VCID-ggsq-9qgx-vyf6" }, { "vulnerability": "VCID-jgbp-dwqq-dbdp" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-nhwm-kq25-t3dt" }, { "vulnerability": "VCID-q8jt-32dy-w7cp" }, { "vulnerability": "VCID-reu9-dy33-z7ez" }, { "vulnerability": "VCID-wa8k-r4vp-e7hk" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.10.1.1" } ], "aliases": [ "CVE-2025-48956", "GHSA-rxc4-3w6r-4v47" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ut69-5v6z-dyd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95131?format=api", "vulnerability_id": "VCID-wa8k-r4vp-e7hk", "summary": "vLLM Vulnerable to Remote DoS via Special-Token Placeholders\n## Summary\nThis report explains a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder sequences supplied without matching data cause vLLM to index into empty grids during input-position computation, raising an unhandled IndexError and terminating the worker or degrading availability. Multimodal paths that rely on `image_grid_thw`/`video_grid_thw` are affected. Severity: High (remote DoS). 
Reproduced on vLLM 0.10.0 with Qwen2.5-VL.\n\n## Details\n- Affected component: multimodal input position computation.\n- File/functions (paths are indicative):\n - vllm/model_executor/layers/rotary_embedding.py\n - get_input_positions_tensor(...)\n - _vl_get_input_positions_tensor(...)\n- Failure mechanism:\n - The code counts detected vision tokens and then indexes video_grid_thw/image_grid_thw accordingly.\n - When user input carries placeholder tokens but no actual multimodal payload, these grids are empty. The code does not bounds-check before indexing.\n\nRepresentative snippet (context):\n```python\n# vllm/model_executor/layers/rotary_embedding.py\n@classmethod\ndef _vl_get_input_positions_tensor(\n cls,\n input_tokens,\n hf_config,\n image_grid_thw,\n video_grid_thw,\n ...,\n):\n # detect video tokens\n video_nums = (vision_tokens == video_token_id).sum()\n # later in processing\n t, h, w = (\n video_grid_thw[video_index][0], # IndexError if no video data\n video_grid_thw[video_index][1],\n video_grid_thw[video_index][2],\n )\n```\n\nAbbreviated call path:\n```\nOpenAI API request\n → vllm.v1.engine.core: step/execute_model\n → vllm.v1.worker.gpu_model_runner: _update_states/execute_model\n → vllm.model_executor.layers.rotary_embedding: get_input_positions_tensor\n → _vl_get_input_positions_tensor\n → IndexError: list index out of range\n```\n\n## PoC\n### Environment\n- vLLM: 0.10.0\n- Model: Qwen/Qwen2.5-VL-3B-Instruct\n- Launch server:\n```bash\npython -m vllm.entrypoints.openai.api_server \\\n --model Qwen/Qwen2.5-VL-3B-Instruct \\\n --port 8000\n```\n\n### Request (text-only, no image/video data)\n```bash\ncat > request.json <<'JSON'\n{\n \"model\": \"Qwen/Qwen2.5-VL-3B-Instruct\",\n \"messages\": [\n {\n \"role\": \"user\",\n \"content\": [\n { \"type\": \"text\",\n \"text\": \"what's in picture <|vision_start|><|image_pad|><|vision_end|>\" }\n ]\n }\n ]\n}\nJSON\n\ncurl -s http://127.0.0.1:8000/v1/chat/completions \\\n -H 'Content-Type: 
application/json' \\\n --data @request.json\n```\n\n### Observed result\n- HTTP 500; logs show IndexError: list index out of range from _vl_get_input_positions_tensor(...).\n- In some deployments, the worker exits and capacity remains reduced until manual restart.\n\n## Impact\n- Type: Token Injection leading to Remote Denial of Service (unauthenticated). A single request can trigger the fault.\n- Scope: Any vLLM deployment that serves VLMs and accepts raw user text via OpenAI-compatible endpoints (self-hosted or proxied/managed fronts).\n- Effect: Request → unhandled exception in position computation → worker termination / service unavailability.\n\n## Fixes\n\n* Changes associated with https://github.com/vllm-project/vllm/issues/32656\n\n## Credits\nPengyu Ding (Infra Security, Ant Group) \nZiteng Xu (Infra Security, Ant Group)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44222", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02964", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44222" }, { "reference_url": "https://github.com/vllm-project/vllm", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm" }, { "reference_url": "https://github.com/vllm-project/vllm/issues/32656", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T12:24:39Z/" } ], "url": "https://github.com/vllm-project/vllm/issues/32656" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hpv8-x276-m59f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T12:24:39Z/" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hpv8-x276-m59f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44222", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44222" }, { "reference_url": "https://github.com/advisories/GHSA-hpv8-x276-m59f", "reference_id": "GHSA-hpv8-x276-m59f", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hpv8-x276-m59f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50315?format=api", "purl": "pkg:pypi/vllm@0.20.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.20.0" } ], "aliases": [ "CVE-2026-44222", "GHSA-hpv8-x276-m59f" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wa8k-r4vp-e7hk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57262?format=api", "vulnerability_id": "VCID-wgcp-nzu8-47dr", "summary": "Remote Code Execution Vulnerability in vLLM Multi-Node Cluster 
Configuration\nIn a multi-node vLLM deployment using the V0 engine, vLLM uses ZeroMQ for some multi-node communication purposes. The secondary vLLM hosts open a `SUB` ZeroMQ socket and connect to an `XPUB` socket on the primary vLLM host.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30165.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30165.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30165", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.63023", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30165" }, { "reference_url": "https://github.com/vllm-project/vllm", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm" }, { "reference_url": "https://github.com/vllm-project/vllm/blob/c21b99b91241409c2fdf9f3f8c542e8748b317be/vllm/distributed/device_communicators/shm_broadcast.py#L295-L301", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-06T17:22:47Z/" } ], "url": 
"https://github.com/vllm-project/vllm/blob/c21b99b91241409c2fdf9f3f8c542e8748b317be/vllm/distributed/device_communicators/shm_broadcast.py#L295-L301" }, { "reference_url": "https://github.com/vllm-project/vllm/blob/c21b99b91241409c2fdf9f3f8c542e8748b317be/vllm/distributed/device_communicators/shm_broadcast.py#L468-L470", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-06T17:22:47Z/" } ], "url": "https://github.com/vllm-project/vllm/blob/c21b99b91241409c2fdf9f3f8c542e8748b317be/vllm/distributed/device_communicators/shm_broadcast.py#L468-L470" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355250", "reference_id": "2355250", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355250" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30165", "reference_id": "CVE-2025-30165", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30165" }, { "reference_url": "https://github.com/advisories/GHSA-9pcc-gvx5-r5wm", "reference_id": "GHSA-9pcc-gvx5-r5wm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9pcc-gvx5-r5wm" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-9pcc-gvx5-r5wm", "reference_id": "GHSA-9pcc-gvx5-r5wm", "reference_type": "", "scores": [ { "value": "8", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-06T17:22:47Z/" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-9pcc-gvx5-r5wm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46986?format=api", "purl": "pkg:pypi/vllm@0.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e3e-evbg-skcu" }, { "vulnerability": "VCID-5dbv-fmn5-qydp" }, { "vulnerability": "VCID-8eu5-rcfy-2ygn" }, { "vulnerability": "VCID-f8nw-x5ug-kfh7" }, { "vulnerability": "VCID-ffxe-muxd-p3b3" }, { "vulnerability": "VCID-ggsq-9qgx-vyf6" }, { "vulnerability": "VCID-gusq-npjb-6qc5" }, { "vulnerability": "VCID-jgbp-dwqq-dbdp" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-nhwm-kq25-t3dt" }, { "vulnerability": "VCID-q8jt-32dy-w7cp" }, { "vulnerability": "VCID-reu9-dy33-z7ez" }, { "vulnerability": "VCID-ut69-5v6z-dyd9" }, { "vulnerability": "VCID-wa8k-r4vp-e7hk" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.10.0" } ], "aliases": [ "CVE-2025-30165", "GHSA-9pcc-gvx5-r5wm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wgcp-nzu8-47dr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37260?format=api", "vulnerability_id": "VCID-za3a-c9m1-jqgz", "summary": "vLLM is an inference and serving engine for large language models (LLMs). 
From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64() method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_frames parameter (default: 32), which is enforced by the load_bytes() code path, is completely bypassed in the video/jpeg base64 path. An attacker can send a single API request containing thousands of comma-separated base64-encoded JPEG frames, causing the server to decode all frames into memory and crash with OOM. This vulnerability is fixed in 0.19.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34755.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34755.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34755", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17216", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34755" }, { "reference_url": "https://github.com/vllm-project/vllm", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm" }, { "reference_url": "https://github.com/vllm-project/vllm/commit/58ee61422169ce17e08248f8efa1e9df434fe395", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" 
} ], "url": "https://github.com/vllm-project/vllm/commit/58ee61422169ce17e08248f8efa1e9df434fe395" }, { "reference_url": "https://github.com/vllm-project/vllm/pull/38636", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm/pull/38636" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T18:36:13Z/" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34755", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34755" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455403", "reference_id": "2455403", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455403" }, { "reference_url": "https://github.com/advisories/GHSA-pq5c-rjhq-qp7p", "reference_id": "GHSA-pq5c-rjhq-qp7p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pq5c-rjhq-qp7p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49120?format=api", "purl": "pkg:pypi/vllm@0.19.0", 
"is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jzjy-kj6h-4bas" }, { "vulnerability": "VCID-reu9-dy33-z7ez" }, { "vulnerability": "VCID-wa8k-r4vp-e7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.19.0" } ], "aliases": [ "CVE-2026-34755", "GHSA-pq5c-rjhq-qp7p", "PYSEC-2026-144" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-za3a-c9m1-jqgz" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36972?format=api", "vulnerability_id": "VCID-737m-tpkz-qffm", "summary": "vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-in hash() function. As of Python 3.12, the behavior of hash(None) has changed to be a predictable constant value. This makes it more feasible that someone could try to exploit hash collisions. The impact of a collision would be using cache that was generated using different content. Given knowledge of prompts in use and predictable hashing behavior, someone could intentionally populate the cache using a prompt known to collide with another prompt in use. This issue has been addressed in version 0.7.2 and all users are advised to upgrade. 
There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25183.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25183.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-25183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55729", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-25183" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-62.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-62.yaml" }, { "reference_url": "https://github.com/python/cpython/commit/432117cd1f59c76d97da2eaff55a7d758301dbc7", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T20:33:57Z/" } ], "url": "https://github.com/python/cpython/commit/432117cd1f59c76d97da2eaff55a7d758301dbc7" }, { "reference_url": "https://github.com/python/cpython/pull/99541", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python/cpython/pull/99541" }, { "reference_url": "https://github.com/vllm-project/vllm", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm" }, { "reference_url": "https://github.com/vllm-project/vllm/commit/73b35cca7f3745d07d439c197768b25d88b6ab7f", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vllm-project/vllm/commit/73b35cca7f3745d07d439c197768b25d88b6ab7f" }, { "reference_url": "https://github.com/vllm-project/vllm/pull/12621", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T20:33:57Z/" } ], "url": "https://github.com/vllm-project/vllm/pull/12621" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rm76-4mrf-v9r8", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T20:33:57Z/" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rm76-4mrf-v9r8" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344292", "reference_id": "2344292", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344292" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25183", "reference_id": "CVE-2025-25183", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25183" }, { "reference_url": "https://github.com/advisories/GHSA-rm76-4mrf-v9r8", "reference_id": "GHSA-rm76-4mrf-v9r8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rm76-4mrf-v9r8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/44390?format=api", "purl": "pkg:pypi/vllm@0.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e3e-evbg-skcu" }, { "vulnerability": "VCID-54rz-whp1-kkhg" }, { "vulnerability": "VCID-5c5b-q5we-mfdu" }, { "vulnerability": "VCID-5dbv-fmn5-qydp" }, { "vulnerability": "VCID-8eu5-rcfy-2ygn" }, { "vulnerability": "VCID-acke-grhk-37bc" }, { "vulnerability": "VCID-dng6-6nw2-vkgt" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-f8nw-x5ug-kfh7" }, { "vulnerability": "VCID-ffxe-muxd-p3b3" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-ggsq-9qgx-vyf6" }, { "vulnerability": "VCID-jgbp-dwqq-dbdp" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-nhwm-kq25-t3dt" }, { "vulnerability": "VCID-prmn-2c4w-uuh5" }, { "vulnerability": "VCID-q5vf-2w1m-4fb1" }, { "vulnerability": "VCID-reu9-dy33-z7ez" }, { 
"vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-ut69-5v6z-dyd9" }, { "vulnerability": "VCID-wa8k-r4vp-e7hk" }, { "vulnerability": "VCID-wgcp-nzu8-47dr" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.7.2" } ], "aliases": [ "CVE-2025-25183", "GHSA-rm76-4mrf-v9r8", "PYSEC-2025-62" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-737m-tpkz-qffm" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.7.2" }