Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/36995?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36995?format=api", "vulnerability_id": "VCID-u659-sd9h-tkf3", "summary": "vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP on all network interfaces will allow attackers to execute remote code on distributed hosts. This is a remote code execution vulnerability impacting any deployments using Mooncake to distribute KV across distributed hosts. This vulnerability is fixed in 0.8.0.", "aliases": [ { "alias": "CVE-2025-29783" }, { "alias": "GHSA-x3m8-f7g5-qhm7" }, { "alias": "PYSEC-2025-63" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/44634?format=api", "purl": "pkg:pypi/vllm@0.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/44382?format=api", "purl": "pkg:pypi/vllm@0.6.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-737m-tpkz-qffm" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-w9kt-yaqy-47fb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.6.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/44383?format=api", "purl": "pkg:pypi/vllm@0.6.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-737m-tpkz-qffm" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-w9kt-yaqy-47fb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.6.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/44384?format=api", "purl": "pkg:pypi/vllm@0.6.6.post1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-737m-tpkz-qffm" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-w9kt-yaqy-47fb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.6.6.post1" }, { "url": "http://public2.vulnerablecode.io/api/packages/44385?format=api", "purl": "pkg:pypi/vllm@0.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-737m-tpkz-qffm" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/44389?format=api", "purl": "pkg:pypi/vllm@0.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-737m-tpkz-qffm" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/44390?format=api", "purl": "pkg:pypi/vllm@0.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/44633?format=api", "purl": "pkg:pypi/vllm@0.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.7.3" } ], "references": [ { "reference_url": "https://github.com/vllm-project/vllm/commit/288ca110f68d23909728627d3100e5a8db820aa2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/vllm-project/vllm/commit/288ca110f68d23909728627d3100e5a8db820aa2" }, { "reference_url": "https://github.com/vllm-project/vllm/pull/14228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/vllm-project/vllm/pull/14228" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7" } ], "weaknesses": [], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u659-sd9h-tkf3" }