Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/37074?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37074?format=api", "vulnerability_id": "VCID-ugds-eqgw-fbbz", "summary": "vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression Denial of Service (ReDoS) vulnerability in the file `vllm/entrypoints/openai/tool_parsers/pythonic_tool_parser.py` of versions 0.6.4 up to but excluding 0.9.0. The root cause is the use of a highly complex and nested regular expression for tool call detection, which can be exploited by an attacker to cause severe performance degradation or make the service unavailable. The pattern contains multiple nested quantifiers, optional groups, and inner repetitions which make it vulnerable to catastrophic backtracking. Version 0.9.0 contains a patch for the issue.", "aliases": [ { "alias": "CVE-2025-48887" }, { "alias": "PYSEC-2025-50" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/45283?format=api", "purl": "pkg:pypi/vllm@0.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.9.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/44380?format=api", "purl": "pkg:pypi/vllm@0.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-737m-tpkz-qffm" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-w9kt-yaqy-47fb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/44381?format=api", "purl": "pkg:pypi/vllm@0.6.4.post1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-737m-tpkz-qffm" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-w9kt-yaqy-47fb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.6.4.post1" }, { "url": "http://public2.vulnerablecode.io/api/packages/44382?format=api", "purl": "pkg:pypi/vllm@0.6.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-737m-tpkz-qffm" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-w9kt-yaqy-47fb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.6.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/44383?format=api", "purl": "pkg:pypi/vllm@0.6.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-737m-tpkz-qffm" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-w9kt-yaqy-47fb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.6.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/44384?format=api", "purl": "pkg:pypi/vllm@0.6.6.post1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-737m-tpkz-qffm" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-w9kt-yaqy-47fb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.6.6.post1" }, { "url": "http://public2.vulnerablecode.io/api/packages/44385?format=api", "purl": "pkg:pypi/vllm@0.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-737m-tpkz-qffm" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/44389?format=api", "purl": "pkg:pypi/vllm@0.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-737m-tpkz-qffm" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/44390?format=api", "purl": "pkg:pypi/vllm@0.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/44633?format=api", "purl": "pkg:pypi/vllm@0.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.7.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/44634?format=api", "purl": "pkg:pypi/vllm@0.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/45029?format=api", "purl": "pkg:pypi/vllm@0.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/45030?format=api", "purl": "pkg:pypi/vllm@0.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/45031?format=api", "purl": "pkg:pypi/vllm@0.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-q8jt-32dy-w7cp" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/45032?format=api", "purl": "pkg:pypi/vllm@0.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/45033?format=api", "purl": "pkg:pypi/vllm@0.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/45282?format=api", "purl": "pkg:pypi/vllm@0.8.5.post1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.5.post1" } ], "references": [ { "reference_url": "https://github.com/vllm-project/vllm/commit/4fc1bf813ad80172c1db31264beaef7d93fe0601", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/vllm-project/vllm/commit/4fc1bf813ad80172c1db31264beaef7d93fe0601" }, { "reference_url": "https://github.com/vllm-project/vllm/pull/18454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/vllm-project/vllm/pull/18454" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-w6q7-j642-7c25", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-w6q7-j642-7c25" } ], "weaknesses": [], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ugds-eqgw-fbbz" }