Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/37260?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37260?format=api", "vulnerability_id": "VCID-za3a-c9m1-jqgz", "summary": "vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64() method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_frames parameter (default: 32), which is enforced by the load_bytes() code path, is completely bypassed in the video/jpeg base64 path. An attacker can send a single API request containing thousands of comma-separated base64-encoded JPEG frames, causing the server to decode all frames into memory and crash with OOM. This vulnerability is fixed in 0.19.0.", "aliases": [ { "alias": "CVE-2026-34755" }, { "alias": "GHSA-pq5c-rjhq-qp7p" }, { "alias": "PYSEC-2026-144" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49120?format=api", "purl": "pkg:pypi/vllm@0.19.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jzjy-kj6h-4bas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.19.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/44385?format=api", "purl": "pkg:pypi/vllm@0.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-737m-tpkz-qffm" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/44389?format=api", "purl": "pkg:pypi/vllm@0.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-737m-tpkz-qffm" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/44390?format=api", "purl": "pkg:pypi/vllm@0.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/44633?format=api", "purl": "pkg:pypi/vllm@0.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-k1qz-xe9c-2bg3" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-u659-sd9h-tkf3" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.7.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/44634?format=api", "purl": "pkg:pypi/vllm@0.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/45029?format=api", "purl": "pkg:pypi/vllm@0.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/45030?format=api", "purl": "pkg:pypi/vllm@0.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/45031?format=api", "purl": "pkg:pypi/vllm@0.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-q8jt-32dy-w7cp" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/45032?format=api", "purl": "pkg:pypi/vllm@0.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-fxgs-s1vm-8bez" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/45033?format=api", "purl": "pkg:pypi/vllm@0.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/45282?format=api", "purl": "pkg:pypi/vllm@0.8.5.post1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ec1-1h6d-tuaq" }, { "vulnerability": "VCID-e8w2-9rwg-u7ba" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-qake-z4ec-wkdu" }, { "vulnerability": "VCID-svzy-7pke-2bdr" }, { "vulnerability": "VCID-ugds-eqgw-fbbz" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.5.post1" }, { "url": "http://public2.vulnerablecode.io/api/packages/45283?format=api", "purl": "pkg:pypi/vllm@0.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/46983?format=api", "purl": "pkg:pypi/vllm@0.9.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.9.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46984?format=api", "purl": "pkg:pypi/vllm@0.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46985?format=api", "purl": "pkg:pypi/vllm@0.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/46986?format=api", "purl": "pkg:pypi/vllm@0.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.10.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/46987?format=api", "purl": "pkg:pypi/vllm@0.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b35p-p399-bqf7" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.10.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46988?format=api", "purl": "pkg:pypi/vllm@0.10.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.10.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46989?format=api", "purl": "pkg:pypi/vllm@0.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m432-9c3w-4qan" }, { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-z6u4-yvcm-gqhm" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.10.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/46990?format=api", "purl": "pkg:pypi/vllm@0.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.11.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/46991?format=api", "purl": "pkg:pypi/vllm@0.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46992?format=api", "purl": "pkg:pypi/vllm@0.11.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nctw-rz8h-f3af" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.11.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/46993?format=api", "purl": "pkg:pypi/vllm@0.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.12.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/49110?format=api", "purl": "pkg:pypi/vllm@0.13.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.13.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/49111?format=api", "purl": "pkg:pypi/vllm@0.14.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.14.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/49112?format=api", "purl": "pkg:pypi/vllm@0.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.14.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49113?format=api", "purl": "pkg:pypi/vllm@0.15.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.15.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/49114?format=api", "purl": "pkg:pypi/vllm@0.15.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3eb-3bpf-h7gk" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.15.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49115?format=api", "purl": "pkg:pypi/vllm@0.16.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.16.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/49116?format=api", "purl": "pkg:pypi/vllm@0.17.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.17.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/49117?format=api", "purl": "pkg:pypi/vllm@0.17.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.17.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49118?format=api", "purl": "pkg:pypi/vllm@0.18.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jzjy-kj6h-4bas" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.18.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/49119?format=api", "purl": "pkg:pypi/vllm@0.18.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jzjy-kj6h-4bas" }, { "vulnerability": "VCID-za3a-c9m1-jqgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.18.1" } ], "references": [ { "reference_url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p" } ], "weaknesses": [], "exploits": [], "severity_range_score": "6.5 - 6.5", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-za3a-c9m1-jqgz" }