Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/37179?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37179?format=api", "vulnerability_id": "VCID-nctw-rz8h-f3af", "summary": "vLLM is an inference and serving engine for large language models (LLMs). In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimension mismatch that results in an unhandled runtime error, leading to complete server termination. This issue has been patched in version 0.12.0.", "aliases": [ { "alias": "CVE-2026-22773" }, { "alias": "GHSA-grg2-63fw-f2qr" }, { "alias": "PYSEC-2026-143" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46993?format=api", "purl": "pkg:pypi/vllm@0.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.12.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/44380?format=api", "purl": "pkg:pypi/vllm@0.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-737m-tpkz-qffm" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-w9kt-yaqy-47fb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/44381?format=api", "purl": "pkg:pypi/vllm@0.6.4.post1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-737m-tpkz-qffm" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-w9kt-yaqy-47fb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.6.4.post1" }, { "url": "http://public2.vulnerablecode.io/api/packages/44382?format=api", "purl": "pkg:pypi/vllm@0.6.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-737m-tpkz-qffm" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-w9kt-yaqy-47fb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.6.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/44383?format=api", "purl": "pkg:pypi/vllm@0.6.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-737m-tpkz-qffm" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-w9kt-yaqy-47fb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.6.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/44384?format=api", "purl": "pkg:pypi/vllm@0.6.6.post1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-737m-tpkz-qffm" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-w9kt-yaqy-47fb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.6.6.post1" }, { "url": "http://public2.vulnerablecode.io/api/packages/44385?format=api", "purl": "pkg:pypi/vllm@0.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-737m-tpkz-qffm" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/44389?format=api", "purl": "pkg:pypi/vllm@0.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-737m-tpkz-qffm" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/44390?format=api", "purl": "pkg:pypi/vllm@0.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/44633?format=api", "purl": "pkg:pypi/vllm@0.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.7.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/44634?format=api", "purl": "pkg:pypi/vllm@0.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/45029?format=api", "purl": "pkg:pypi/vllm@0.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/45030?format=api", "purl": "pkg:pypi/vllm@0.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/45031?format=api", "purl": "pkg:pypi/vllm@0.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-q8jt-32dy-w7cp" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/45032?format=api", "purl": "pkg:pypi/vllm@0.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/45033?format=api", "purl": "pkg:pypi/vllm@0.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/45282?format=api", "purl": "pkg:pypi/vllm@0.8.5.post1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.5.post1" }, { "url": "http://public2.vulnerablecode.io/api/packages/45283?format=api", "purl": "pkg:pypi/vllm@0.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/46983?format=api", "purl": "pkg:pypi/vllm@0.9.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.9.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46984?format=api", "purl": "pkg:pypi/vllm@0.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46985?format=api", "purl": "pkg:pypi/vllm@0.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/46986?format=api", "purl": "pkg:pypi/vllm@0.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.10.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/46987?format=api", "purl": "pkg:pypi/vllm@0.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b35p-p399-bqf7" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.10.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46988?format=api", "purl": "pkg:pypi/vllm@0.10.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.10.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46989?format=api", "purl": "pkg:pypi/vllm@0.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m432-9c3w-4qan" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-z6u4-yvcm-gqhm" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.10.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/46990?format=api", "purl": "pkg:pypi/vllm@0.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.11.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/46991?format=api", "purl": "pkg:pypi/vllm@0.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46992?format=api", "purl": "pkg:pypi/vllm@0.11.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.11.2" } ], "references": [ { "reference_url": "https://github.com/vllm-project/vllm", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/vllm-project/vllm" }, { "reference_url": "https://github.com/vllm-project/vllm/commit/0ec84221718d920c3f46da879cc354f94b8fb59e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/vllm-project/vllm/commit/0ec84221718d920c3f46da879cc354f94b8fb59e" }, { "reference_url": "https://github.com/vllm-project/vllm/pull/29881", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/vllm-project/vllm/pull/29881" }, { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-grg2-63fw-f2qr", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-grg2-63fw-f2qr" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22773", "reference_id": "CVE-2026-22773", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22773" }, { "reference_url": "https://github.com/advisories/GHSA-grg2-63fw-f2qr", "reference_id": "GHSA-grg2-63fw-f2qr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-grg2-63fw-f2qr" } ], "weaknesses": [ { "cwe_id": 770, "name": "Allocation of Resources Without Limits or Throttling", "description": "The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "7.5 - 7.5", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nctw-rz8h-f3af" }