{"url":"http://public2.vulnerablecode.io/api/packages/44390?format=json","purl":"pkg:pypi/vllm@0.7.2","type":"pypi","namespace":"","name":"vllm","version":"0.7.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.20.0","latest_non_vulnerable_version":"0.20.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47957?format=json","vulnerability_id":"VCID-4e3e-evbg-skcu","summary":"vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class\nA Server-Side Request Forgery (SSRF) vulnerability exists in the `MediaConnector` class within the vLLM project's multimodal feature set. The `load_from_url` and `load_from_url_async` methods fetch and process media from user-provided URLs without adequate restrictions on the target hosts. This allows an attacker who can submit multimodal requests to the API to coerce the vLLM server into making arbitrary requests to internal network resources.\n\nThis vulnerability is particularly critical in containerized environments like `llm-d`, where the vLLM pod could be abused as a request proxy to scan the internal network, interact with other pods, and potentially cause denial of service or access sensitive data. 
For example, an attacker could make the vLLM pod send malicious requests to an internal `llm-d` management endpoint, leading to system instability by falsely reporting metrics like the KV cache state.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6242.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6242.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6242","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16544","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6242"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373716","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-07T19:55:28Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373716"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/commit/9d9a2b77f19f68262d5e469c4e82c0f6365ad72d","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"u
rl":"https://github.com/vllm-project/vllm/commit/9d9a2b77f19f68262d5e469c4e82c0f6365ad72d"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3","reference_id":"cpe:/a:redhat:ai_inference_server:3","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux_ai:1","reference_id":"cpe:/a:redhat:enterprise_linux_ai:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux_ai:1"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-6242","reference_id":"CVE-2025-6242","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-07T19:55:28Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-6242"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6242","reference_id":"CVE-2025-6242","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6242"},{"reference_url":"https://github.com/advisories/GHSA-3f6c-7fw2-ppm4","reference_id":"GHSA-3f6c-7fw2-ppm4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3f6c-7fw2-ppm4"},{"reference_url":"https://github.com/vllm-project/vllm/security/advi
sories/GHSA-3f6c-7fw2-ppm4","reference_id":"GHSA-3f6c-7fw2-ppm4","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-3f6c-7fw2-ppm4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23078","reference_id":"RHSA-2025:23078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23079","reference_id":"RHSA-2025:23079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23080","reference_id":"RHSA-2025:23080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10184","reference_id":"RHSA-2026:10184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19712","reference_id":"RHSA-2026:19712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3713","reference_id":"RHSA-2026:3713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3713"}],"fixed_packages":[{"url":"http://public2.vul
nerablecode.io/api/packages/46990?format=json","purl":"pkg:pypi/vllm@0.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6td1-mwvq-u7a6"},{"vulnerability":"VCID-b35p-p399-bqf7"},{"vulnerability":"VCID-f8nw-x5ug-kfh7"},{"vulnerability":"VCID-ffxe-muxd-p3b3"},{"vulnerability":"VCID-ggsq-9qgx-vyf6"},{"vulnerability":"VCID-jgbp-dwqq-dbdp"},{"vulnerability":"VCID-m432-9c3w-4qan"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-nhwm-kq25-t3dt"},{"vulnerability":"VCID-q8jt-32dy-w7cp"},{"vulnerability":"VCID-reu9-dy33-z7ez"},{"vulnerability":"VCID-wa8k-r4vp-e7hk"},{"vulnerability":"VCID-z6u4-yvcm-gqhm"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.11.0"}],"aliases":["CVE-2025-6242","GHSA-3f6c-7fw2-ppm4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4e3e-evbg-skcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57364?format=json","vulnerability_id":"VCID-54rz-whp1-kkhg","summary":"vLLM vulnerable to Regular Expression Denial of Service\nA recent review identified several regular expressions in the vllm codebase that are susceptible to Regular Expression Denial of Service (ReDoS) attacks. 
These patterns, if fed with crafted or malicious input, may cause severe performance degradation due to catastrophic backtracking.","references":[{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/commit/4fc1bf813ad80172c1db31264beaef7d93fe0601","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/commit/4fc1bf813ad80172c1db31264beaef7d93fe0601"},{"reference_url":"https://github.com/vllm-project/vllm/pull/18454","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/pull/18454"},{"reference_url":"https://github.com/advisories/GHSA-j828-28rj-hfhp","reference_id":"GHSA-j828-28rj-hfhp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j828-28rj-hfhp"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-j828-28rj-hfhp","reference_id":"GHSA-j828-28rj-hfhp","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-j828-28rj-hfhp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45283?forma
t=json","purl":"pkg:pypi/vllm@0.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e3e-evbg-skcu"},{"vulnerability":"VCID-5dbv-fmn5-qydp"},{"vulnerability":"VCID-8eu5-rcfy-2ygn"},{"vulnerability":"VCID-f8nw-x5ug-kfh7"},{"vulnerability":"VCID-ffxe-muxd-p3b3"},{"vulnerability":"VCID-ggsq-9qgx-vyf6"},{"vulnerability":"VCID-jgbp-dwqq-dbdp"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-nhwm-kq25-t3dt"},{"vulnerability":"VCID-q8jt-32dy-w7cp"},{"vulnerability":"VCID-reu9-dy33-z7ez"},{"vulnerability":"VCID-ut69-5v6z-dyd9"},{"vulnerability":"VCID-wa8k-r4vp-e7hk"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.9.0"}],"aliases":["GHSA-j828-28rj-hfhp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-54rz-whp1-kkhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57136?format=json","vulnerability_id":"VCID-5c5b-q5we-mfdu","summary":"vLLM vulnerable to Denial of Service by abusing xgrammar cache\nThis report is to highlight a vulnerability in XGrammar, a library used by the structured output feature in vLLM. The XGrammar advisory is here: https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-389x-67px-mjg3\n\nThe [xgrammar](https://xgrammar.mlc.ai/docs/) library is the default backend used by vLLM to support structured output (a.k.a. guided decoding). Xgrammar provides a required, built-in cache for its compiled grammars stored in RAM. xgrammar is available by default through the OpenAI compatible API server with both the V0 and V1 engines.\n\nA malicious user can send a stream of very short decoding requests with unique schemas, resulting in an addition to the cache for each request. 
This can result in a Denial of Service by consuming all of the system's RAM.\n\nNote that even if vLLM was configured to use a different backend by default, it is still possible to choose xgrammar on a per-request basis using the `guided_decoding_backend` key of the `extra_body` field of the request with the V0 engine. This per-request choice is not available when using the V1 engine.","references":[{"reference_url":"https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-389x-67px-mjg3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-389x-67px-mjg3"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/commit/cb84e45ac75b42ba6795145923e8eb323bb825ad","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/commit/cb84e45ac75b42ba6795145923e8eb323bb825ad"},{"reference_url":"https://github.com/vllm-project/vllm/pull/16283","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/pull/16283"},{"reference_url":"https://github.com/advisories
/GHSA-hf3c-wxg2-49q9","reference_id":"GHSA-hf3c-wxg2-49q9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hf3c-wxg2-49q9"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-hf3c-wxg2-49q9","reference_id":"GHSA-hf3c-wxg2-49q9","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-hf3c-wxg2-49q9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45032?format=json","purl":"pkg:pypi/vllm@0.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e3e-evbg-skcu"},{"vulnerability":"VCID-54rz-whp1-kkhg"},{"vulnerability":"VCID-5dbv-fmn5-qydp"},{"vulnerability":"VCID-5ec1-1h6d-tuaq"},{"vulnerability":"VCID-8eu5-rcfy-2ygn"},{"vulnerability":"VCID-acke-grhk-37bc"},{"vulnerability":"VCID-c8r5-ks1q-ekcu"},{"vulnerability":"VCID-e8w2-9rwg-u7ba"},{"vulnerability":"VCID-f8nw-x5ug-kfh7"},{"vulnerability":"VCID-ffxe-muxd-p3b3"},{"vulnerability":"VCID-fxgs-s1vm-8bez"},{"vulnerability":"VCID-ggsq-9qgx-vyf6"},{"vulnerability":"VCID-jgbp-dwqq-dbdp"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-nhwm-kq25-t3dt"},{"vulnerability":"VCID-q5vf-2w1m-4fb1"},{"vulnerability":"VCID-q8jt-32dy-w7cp"},{"vulnerability":"VCID-qake-z4ec-wkdu"},{"vulnerability":"VCID-reu9-dy33-z7ez"},{"vulnerability":"VCID-svzy-7pke-2bdr"},{"vulnerability":"VCID-tcng-tr33-zqaa"},{"vulnerability":"VCID-ugds-eqgw-fbbz"},{"vulnerability":"VCID-ut69-5v6z-dyd9"},{"vulnerability":"VCID-wa8k-r4vp-e7hk"},{"vulnerability":"VCID-wgcp-nzu8-47dr"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.4"}],"aliases":["GHSA-hf3c-wxg2-49q9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"h
ttp://public2.vulnerablecode.io/vulnerabilities/VCID-5c5b-q5we-mfdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47960?format=json","vulnerability_id":"VCID-5dbv-fmn5-qydp","summary":"vLLM is vulnerable to timing attack at bearer auth\nThe API key support in vLLM performed validation using a method that was vulnerable to a timing attack. This could potentially allow an attacker to discover a valid API key using an approach more efficient than brute force.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59425.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59425.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59425","reference_id":"","reference_type":"","scores":[{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53554","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59425"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/blob/4b946d693e0af15740e9ca9c0e059d5f333b1083/vllm/entrypoints/openai/api_server.py#L1270-L1274","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T14:32:10Z/"}],"url":"https://github.com/vllm-project
/vllm/blob/4b946d693e0af15740e9ca9c0e059d5f333b1083/vllm/entrypoints/openai/api_server.py#L1270-L1274"},{"reference_url":"https://github.com/vllm-project/vllm/commit/ee10d7e6ff5875386c7f136ce8b5f525c8fcef48","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T14:32:10Z/"}],"url":"https://github.com/vllm-project/vllm/commit/ee10d7e6ff5875386c7f136ce8b5f525c8fcef48"},{"reference_url":"https://github.com/vllm-project/vllm/releases/tag/v0.11.0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T14:32:10Z/"}],"url":"https://github.com/vllm-project/vllm/releases/tag/v0.11.0"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2397234","reference_id":"2397234","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2397234"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59425","reference_id":"CVE-2025-59425","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59425"},{"reference_url":"https://github.com/advisories/GHSA-wr9h-g72x-mwhm","reference_id":"GHSA-wr9h-g72x-mwhm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wr9h-g72x-mwhm"},{"reference_url":"http
s://github.com/vllm-project/vllm/security/advisories/GHSA-wr9h-g72x-mwhm","reference_id":"GHSA-wr9h-g72x-mwhm","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T14:32:10Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-wr9h-g72x-mwhm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23078","reference_id":"RHSA-2025:23078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23079","reference_id":"RHSA-2025:23079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23080","reference_id":"RHSA-2025:23080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3713","reference_id":"RHSA-2026:3713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3782","reference_id":"RHSA-2026:3782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3782"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/
46990?format=json","purl":"pkg:pypi/vllm@0.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6td1-mwvq-u7a6"},{"vulnerability":"VCID-b35p-p399-bqf7"},{"vulnerability":"VCID-f8nw-x5ug-kfh7"},{"vulnerability":"VCID-ffxe-muxd-p3b3"},{"vulnerability":"VCID-ggsq-9qgx-vyf6"},{"vulnerability":"VCID-jgbp-dwqq-dbdp"},{"vulnerability":"VCID-m432-9c3w-4qan"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-nhwm-kq25-t3dt"},{"vulnerability":"VCID-q8jt-32dy-w7cp"},{"vulnerability":"VCID-reu9-dy33-z7ez"},{"vulnerability":"VCID-wa8k-r4vp-e7hk"},{"vulnerability":"VCID-z6u4-yvcm-gqhm"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.11.0"}],"aliases":["CVE-2025-59425","GHSA-wr9h-g72x-mwhm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5dbv-fmn5-qydp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47955?format=json","vulnerability_id":"VCID-8eu5-rcfy-2ygn","summary":"vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server\nA resource-exhaustion (denial-of-service) vulnerability exists in multiple endpoints of the OpenAI-Compatible Server due to the ability to specify Jinja templates via the `chat_template` and `chat_template_kwargs` parameters. 
If an attacker can supply these parameters to the API, they can cause a service outage by exhausting CPU and/or memory resources.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61620.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61620.json"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/commit/7977e5027c2250a4abc1f474c5619c40b4e5682f","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/commit/7977e5027c2250a4abc1f474c5619c40b4e5682f"},{"reference_url":"https://github.com/vllm-project/vllm/pull/25794","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/pull/25794"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2401761","reference_id":"2401761","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2401761"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61620","reference_id":"CVE-2025-61620","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61620"},{"referenc
e_url":"https://github.com/advisories/GHSA-6fvq-23cw-5628","reference_id":"GHSA-6fvq-23cw-5628","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6fvq-23cw-5628"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-6fvq-23cw-5628","reference_id":"GHSA-6fvq-23cw-5628","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-6fvq-23cw-5628"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46990?format=json","purl":"pkg:pypi/vllm@0.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6td1-mwvq-u7a6"},{"vulnerability":"VCID-b35p-p399-bqf7"},{"vulnerability":"VCID-f8nw-x5ug-kfh7"},{"vulnerability":"VCID-ffxe-muxd-p3b3"},{"vulnerability":"VCID-ggsq-9qgx-vyf6"},{"vulnerability":"VCID-jgbp-dwqq-dbdp"},{"vulnerability":"VCID-m432-9c3w-4qan"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-nhwm-kq25-t3dt"},{"vulnerability":"VCID-q8jt-32dy-w7cp"},{"vulnerability":"VCID-reu9-dy33-z7ez"},{"vulnerability":"VCID-wa8k-r4vp-e7hk"},{"vulnerability":"VCID-z6u4-yvcm-gqhm"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.11.0"}],"aliases":["CVE-2025-61620","GHSA-6
fvq-23cw-5628"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8eu5-rcfy-2ygn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57327?format=json","vulnerability_id":"VCID-acke-grhk-37bc","summary":"vLLM Allows Remote Code Execution via PyNcclPipe Communication Service\nvLLM supports the use of the `PyNcclPipe` class to establish a peer-to-peer communication domain for data transmission between distributed nodes. The GPU-side KV-Cache transmission is implemented through the `PyNcclCommunicator` class, while CPU-side control message passing is handled via the `send_obj` and `recv_obj` methods.\n\nA remote code execution vulnerability exists in the `PyNcclPipe` service. Attackers can exploit this by sending malicious serialized data to gain server control privileges.\n\nThe intention was that this interface should only be exposed to a private network using the IP address specified by the `--kv-ip` CLI parameter. The vLLM documentation covers how this must be limited to a secured network: https://docs.vllm.ai/en/latest/deployment/security.html\n\nUnfortunately, the default behavior from PyTorch is that the `TCPStore` interface will listen on ALL interfaces, regardless of what IP address is provided. The IP address given was only used as a client-side address to use. 
vLLM was fixed to use a workaround to force the `TCPStore` instance to bind its socket to a specified private interface.\n\nThis issue was reported privately to PyTorch and they determined that this behavior was intentional. Because the underlying PyTorch behavior is unchanged, the fix only narrows the bind address; operators should still restrict the KV-transfer endpoints to a trusted network as described in the linked deployment security documentation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47277.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47277.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47277","reference_id":"","reference_type":"","scores":[{"value":"0.00865","scoring_system":"epss","scoring_elements":"0.75502","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47277"},{"reference_url":"https://docs.vllm.ai/en/latest/deployment/security.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-20T17:52:22Z/"}],"url":"https://docs.vllm.ai/en/latest/deployment/security.html"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/commit/0d6e187e88874c39cda7409cf673f9e6546893e7","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_syst
em":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-20T17:52:22Z/"}],"url":"https://github.com/vllm-project/vllm/commit/0d6e187e88874c39cda7409cf673f9e6546893e7"},{"reference_url":"https://github.com/vllm-project/vllm/pull/15988","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-20T17:52:22Z/"}],"url":"https://github.com/vllm-project/vllm/pull/15988"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2367605","reference_id":"2367605","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2367605"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-47277","reference_id":"CVE-2025-47277","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-47277"},{"reference_url":"https://github.com/advisories/GHSA-hjq4-87xh-g4fv","reference_id":"GHSA-hjq4-87xh-g4fv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hjq4-87xh-g4fv"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv","reference_id":"GHSA-hjq4-87xh-g4fv","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-20T17:52:22Z/"}],"url":"https://github.com/
vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10403","reference_id":"RHSA-2025:10403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10404","reference_id":"RHSA-2025:10404","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10404"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15832","reference_id":"RHSA-2025:15832","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15832"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15836","reference_id":"RHSA-2025:15836","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15836"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15837","reference_id":"RHSA-2025:15837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15838","reference_id":"RHSA-2025:15838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15839","reference_id":"RHSA-2025:15839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15840","reference_id":"RHSA-2025:15840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15841","reference_id":"RHSA-2025:15841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15842","reference_id":"RHSA-2025:15842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15842"},{"reference_url":"https://acce
ss.redhat.com/errata/RHSA-2025:15843","reference_id":"RHSA-2025:15843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15867","reference_id":"RHSA-2025:15867","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15867"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45033?format=json","purl":"pkg:pypi/vllm@0.8.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e3e-evbg-skcu"},{"vulnerability":"VCID-54rz-whp1-kkhg"},{"vulnerability":"VCID-5dbv-fmn5-qydp"},{"vulnerability":"VCID-5ec1-1h6d-tuaq"},{"vulnerability":"VCID-8eu5-rcfy-2ygn"},{"vulnerability":"VCID-c8r5-ks1q-ekcu"},{"vulnerability":"VCID-e8w2-9rwg-u7ba"},{"vulnerability":"VCID-f8nw-x5ug-kfh7"},{"vulnerability":"VCID-ffxe-muxd-p3b3"},{"vulnerability":"VCID-ggsq-9qgx-vyf6"},{"vulnerability":"VCID-jgbp-dwqq-dbdp"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-nhwm-kq25-t3dt"},{"vulnerability":"VCID-q8jt-32dy-w7cp"},{"vulnerability":"VCID-qake-z4ec-wkdu"},{"vulnerability":"VCID-reu9-dy33-z7ez"},{"vulnerability":"VCID-svzy-7pke-2bdr"},{"vulnerability":"VCID-ugds-eqgw-fbbz"},{"vulnerability":"VCID-ut69-5v6z-dyd9"},{"vulnerability":"VCID-wa8k-r4vp-e7hk"},{"vulnerability":"VCID-wgcp-nzu8-47dr"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.5"}],"aliases":["CVE-2025-47277","GHSA-hjq4-87xh-g4fv"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-acke-grhk-37bc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56906?format=json","vulnerability_id":"VCID-dng6-6nw2-vkgt","summary":"vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object\nvllm-project vllm version 0.6.0 contains a vulnerability in the distributed training API. 
The function vllm.distributed.GroupCoordinator.recv_object() deserializes received object bytes using pickle.loads(), which executes arbitrary code embedded in a crafted payload (pickle input cannot be meaningfully sanitized), so a sender that can reach this receive path can achieve remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9052.json","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9052.json"},{"reference_url":"https://github.com/github/advisory-database/pull/5444","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/github/advisory-database/pull/5444"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/blob/32e7db25365415841ebc7c4215851743fbb1bad1/vllm/distributed/parallel_state.py#L480","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/blob/32e7db25365415841ebc7c4215851743fbb1bad1/vllm/distributed/parallel_state.py#L480"},{"reference_url":"https://github.com/vllm-project/vllm/blob/v0.8.1/vllm/distributed/parallel_state.py#L457","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N
/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/blob/v0.8.1/vllm/distributed/parallel_state.py#L457"},{"reference_url":"https://huntr.com/bounties/ea75728f-4efe-4a3d-9f53-33f2c908e9f8","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.com/bounties/ea75728f-4efe-4a3d-9f53-33f2c908e9f8"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353764","reference_id":"2353764","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353764"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-9052","reference_id":"CVE-2024-9052","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-9052"},{"reference_url":"https://github.com/advisories/GHSA-pgr7-mhp5-fgjp","reference_id":"GHSA-pgr7-mhp5-fgjp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pgr7-mhp5-fgjp"}],"fixed_packages":[],"aliases":["CVE-2024-9052","GHSA-pgr7-mhp5-fgjp"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dng6-6nw2-vkgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37072?format=json","vulnerability_id":"VCID-e8w2-9rwg-u7ba","summary":"vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT (Time to First Token). 
These timing differences are large enough for a client to observe, which lets it infer whether a given prompt prefix has already been processed by the server (a prefix-cache timing side channel). This issue has been patched in version 0.9.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46570.json","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46570.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46570","reference_id":"","reference_type":"","scores":[{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39006","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46570"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-53.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-53.yaml"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/commit/77073c77bc2006eb80ea6d5128f076f5e6c6f54f","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T18:0
4:57Z/"}],"url":"https://github.com/vllm-project/vllm/commit/77073c77bc2006eb80ea6d5128f076f5e6c6f54f"},{"reference_url":"https://github.com/vllm-project/vllm/pull/17045","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T18:04:57Z/"}],"url":"https://github.com/vllm-project/vllm/pull/17045"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-4qjh-9fv9-r85r","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T18:04:57Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-4qjh-9fv9-r85r"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369223","reference_id":"2369223","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369223"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-46570","reference_id":"CVE-2025-46570","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-46570"},{"reference_url":"https://github.com/advisories/GHSA-4qjh-9fv9-r85r","reference_id":"GHSA-4qjh-9fv9-r85r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4qjh-9fv9-r85r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45283?format=json","purl":"pkg:pypi/vllm@0.9.0","is_vulne
rable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e3e-evbg-skcu"},{"vulnerability":"VCID-5dbv-fmn5-qydp"},{"vulnerability":"VCID-8eu5-rcfy-2ygn"},{"vulnerability":"VCID-f8nw-x5ug-kfh7"},{"vulnerability":"VCID-ffxe-muxd-p3b3"},{"vulnerability":"VCID-ggsq-9qgx-vyf6"},{"vulnerability":"VCID-jgbp-dwqq-dbdp"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-nhwm-kq25-t3dt"},{"vulnerability":"VCID-q8jt-32dy-w7cp"},{"vulnerability":"VCID-reu9-dy33-z7ez"},{"vulnerability":"VCID-ut69-5v6z-dyd9"},{"vulnerability":"VCID-wa8k-r4vp-e7hk"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.9.0"}],"aliases":["CVE-2025-46570","GHSA-4qjh-9fv9-r85r","PYSEC-2025-53"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e8w2-9rwg-u7ba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48422?format=json","vulnerability_id":"VCID-f8nw-x5ug-kfh7","summary":"vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs\nUsers can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct `ndim` but incorrect `shape` (e.g. hidden dimension is wrong), regardless of whether the model is intended to support such inputs (as defined in the Supported Models page).\n\nThe issue has existed ever since we added support for image embedding inputs, i.e. 
#6613 (released in v0.5.5)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62372.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62372.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62372","reference_id":"","reference_type":"","scores":[{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25424","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62372"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:07:55Z/"}],"url":"https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"},{"reference_url":"https://github.com/vllm-project/vllm/pull/27204","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV
:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:07:55Z/"}],"url":"https://github.com/vllm-project/vllm/pull/27204"},{"reference_url":"https://github.com/vllm-project/vllm/pull/6613","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:07:55Z/"}],"url":"https://github.com/vllm-project/vllm/pull/6613"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416280","reference_id":"2416280","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416280"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62372","reference_id":"CVE-2025-62372","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62372"},{"reference_url":"https://github.com/advisories/GHSA-pmqf-x6x8-p7qw","reference_id":"GHSA-pmqf-x6x8-p7qw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pmqf-x6x8-p7qw"},{"reference_url":"https://gith
ub.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw","reference_id":"GHSA-pmqf-x6x8-p7qw","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:07:55Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23204","reference_id":"RHSA-2025:23204","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23204"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23205","reference_id":"RHSA-2025:23205","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23205"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23209","reference_id":"RHSA-2025:23209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23209"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23449","reference_id":"RHSA-2025:23449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46991?format=json","purl":"pkg:pypi/vllm@0.11.1","is_vulnerable":t
rue,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6td1-mwvq-u7a6"},{"vulnerability":"VCID-b35p-p399-bqf7"},{"vulnerability":"VCID-ffxe-muxd-p3b3"},{"vulnerability":"VCID-ggsq-9qgx-vyf6"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-q8jt-32dy-w7cp"},{"vulnerability":"VCID-reu9-dy33-z7ez"},{"vulnerability":"VCID-wa8k-r4vp-e7hk"},{"vulnerability":"VCID-z6u4-yvcm-gqhm"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.11.1"}],"aliases":["CVE-2025-62372","GHSA-pmqf-x6x8-p7qw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f8nw-x5ug-kfh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63583?format=json","vulnerability_id":"VCID-ffxe-muxd-p3b3","summary":"vllm: vLLM: Denial of Service via excessively large 'n' parameter in OpenAI-compatible API","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34756.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34756.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34756","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.1564","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34756"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/commit/b111f8a61f1
00fdca08706f41f29ef3548de7380","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:16:25Z/"}],"url":"https://github.com/vllm-project/vllm/commit/b111f8a61f100fdca08706f41f29ef3548de7380"},{"reference_url":"https://github.com/vllm-project/vllm/pull/37952","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:16:25Z/"}],"url":"https://github.com/vllm-project/vllm/pull/37952"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-3mwp-wvh9-7528","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:16:25Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-3mwp-wvh9-7528"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34756","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34756"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455425","reference_id":"2455425","reference_type":"","scores":[],"url":"ht
tps://bugzilla.redhat.com/show_bug.cgi?id=2455425"},{"reference_url":"https://github.com/advisories/GHSA-3mwp-wvh9-7528","reference_id":"GHSA-3mwp-wvh9-7528","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3mwp-wvh9-7528"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49120?format=json","purl":"pkg:pypi/vllm@0.19.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jzjy-kj6h-4bas"},{"vulnerability":"VCID-reu9-dy33-z7ez"},{"vulnerability":"VCID-wa8k-r4vp-e7hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.19.0"}],"aliases":["CVE-2026-34756","GHSA-3mwp-wvh9-7528"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ffxe-muxd-p3b3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37051?format=json","vulnerability_id":"VCID-fxgs-s1vm-8bez","summary":"vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerable sockets were set to listen on all network interfaces, increasing the likelihood that an attacker is able to reach the vulnerable ZeroMQ sockets to carry out an attack. vLLM instances that do not make use of the mooncake integration are not vulnerable. 
This issue has been patched in version 0.8.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32444.json","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32444.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32444","reference_id":"","reference_type":"","scores":[{"value":"0.02477","scoring_system":"epss","scoring_elements":"0.85579","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32444"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-42.yaml","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-42.yaml"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/blob/32b14baf8a1f7195ca09484de3008063569b43c5/vllm/distributed/kv_transfer/kv_pipe/mooncake_pipe.py#L179","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},
{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:08:21Z/"}],"url":"https://github.com/vllm-project/vllm/blob/32b14baf8a1f7195ca09484de3008063569b43c5/vllm/distributed/kv_transfer/kv_pipe/mooncake_pipe.py#L179"},{"reference_url":"https://github.com/vllm-project/vllm/commit/a5450f11c95847cf51a17207af9a3ca5ab569b2c","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:08:21Z/"}],"url":"https://github.com/vllm-project/vllm/commit/a5450f11c95847cf51a17207af9a3ca5ab569b2c"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-hj4w-hm2g-p6w5","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:08:21Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-hj4w-hm2g-p6w5"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7","reference_id":"","r
eference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:08:21Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2363024","reference_id":"2363024","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2363024"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32444","reference_id":"CVE-2025-32444","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32444"},{"reference_url":"https://github.com/advisories/GHSA-hj4w-hm2g-p6w5","reference_id":"GHSA-hj4w-hm2g-p6w5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hj4w-hm2g-p6w5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45033?format=json","purl":"pkg:pypi/vllm@0.8.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e3e-evbg-skcu"},{"vulnerability":"VCID-54rz-whp1-kkhg"},{"vulnerability":"VCID-5dbv-fmn5-qydp"},{"vulnerability":"VCID-5ec1-1h6d-tuaq"},{"vulnerability":"VCID-8eu5-rcfy-2ygn"},{"vulnerability":"VCID-c8r5-ks1q-ekcu"},{"vulnerability":"VCID-e8w2-9rwg-u7ba"},{"vulnerability":"VCID-f8nw-x5ug-kfh7"},{"vulnerability":"VCID-ffxe-muxd-p3b3"},{"vulnerability":"VCID-ggsq-9qgx-vyf6"},{"vulnerability":"VCID
-jgbp-dwqq-dbdp"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-nhwm-kq25-t3dt"},{"vulnerability":"VCID-q8jt-32dy-w7cp"},{"vulnerability":"VCID-qake-z4ec-wkdu"},{"vulnerability":"VCID-reu9-dy33-z7ez"},{"vulnerability":"VCID-svzy-7pke-2bdr"},{"vulnerability":"VCID-ugds-eqgw-fbbz"},{"vulnerability":"VCID-ut69-5v6z-dyd9"},{"vulnerability":"VCID-wa8k-r4vp-e7hk"},{"vulnerability":"VCID-wgcp-nzu8-47dr"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.5"}],"aliases":["CVE-2025-32444","GHSA-hj4w-hm2g-p6w5","PYSEC-2025-42"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fxgs-s1vm-8bez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49873?format=json","vulnerability_id":"VCID-ggsq-9qgx-vyf6","summary":"vLLM vulnerable to Server-Side Request Forgery (SSRF) through MediaConnector\nA Server-Side Request Forgery (SSRF) vulnerability exists in the `MediaConnector` class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods obtain and process media from URLs provided by users, using different Python parsing libraries when restricting the target host. These two parsing libraries have different interpretations of backslashes, which allows the host name restriction to be bypassed. This allows an attacker to coerce the vLLM server into making arbitrary requests to internal network resources.\n\nThis vulnerability is particularly critical in containerized environments like `llm-d`, where a compromised vLLM pod could be used to scan the internal network, interact with other pods, and potentially cause Denial of Service or access sensitive data. 
For example, an attacker could make the vLLM pod send malicious requests to an internal `llm-d` management endpoint, leading to system instability by falsely reporting metrics like the KV cache state.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24779.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24779.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24779","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11693","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24779"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/commit/f46d576c54fb8aeec5fc70560e850bed38ef17d7","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T21:10:30Z/"}],"url":"https://github.com/vllm-project/vllm/commit/f46d576c54fb8aeec5fc70560e850bed38ef17d7"},{"reference_url":"https://github.com/vllm-project/vllm/pull/32746","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L"},{"value":"HIGH","scoring_system":"generic_te
xtual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T21:10:30Z/"}],"url":"https://github.com/vllm-project/vllm/pull/32746"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433624","reference_id":"2433624","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433624"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24779","reference_id":"CVE-2026-24779","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24779"},{"reference_url":"https://github.com/advisories/GHSA-qh4c-xf7m-gxfc","reference_id":"GHSA-qh4c-xf7m-gxfc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qh4c-xf7m-gxfc"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc","reference_id":"GHSA-qh4c-xf7m-gxfc","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T21:10:30Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10184","reference_id":"RHSA-2026:10184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19712","reference_id":"RHSA-2026:19712","reference_type":"","scores":[],"url":"https://acc
ess.redhat.com/errata/RHSA-2026:19712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3782","reference_id":"RHSA-2026:3782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3782"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49112?format=json","purl":"pkg:pypi/vllm@0.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6td1-mwvq-u7a6"},{"vulnerability":"VCID-ffxe-muxd-p3b3"},{"vulnerability":"VCID-reu9-dy33-z7ez"},{"vulnerability":"VCID-wa8k-r4vp-e7hk"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.14.1"}],"aliases":["CVE-2026-24779","GHSA-qh4c-xf7m-gxfc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ggsq-9qgx-vyf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49316?format=json","vulnerability_id":"VCID-jgbp-dwqq-dbdp","summary":"vLLM vulnerable to remote code execution via transformers_utils/get_config\n`vllm` has a critical remote code execution vector in a config class named `Nemotron_Nano_VL_Config`. When `vllm` loads a model config that contains an `auto_map` entry, the config class resolves that mapping with `get_class_from_dynamic_module(...)` and immediately instantiates the returned class. This fetches and executes Python from the remote repository referenced in the `auto_map` string. 
Crucially, this happens even when the caller explicitly sets `trust_remote_code=False` in `vllm.transformers_utils.config.get_config`. In practice, an attacker can publish a benign-looking frontend repo whose `config.json` points via `auto_map` to a separate malicious backend repo; loading the frontend will silently run the backend’s code on the victim host.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66448.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66448.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66448","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14241","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66448"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-02T14:14:49Z/"}],"url":"https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86"},{"reference_url":"https://github.com/vllm-project/vllm/pull/28126","reference_id":"","reference_type":"","sco
res":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-02T14:14:49Z/"}],"url":"https://github.com/vllm-project/vllm/pull/28126"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418152","reference_id":"2418152","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418152"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66448","reference_id":"CVE-2025-66448","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66448"},{"reference_url":"https://github.com/advisories/GHSA-8fr4-5q9j-m8gm","reference_id":"GHSA-8fr4-5q9j-m8gm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8fr4-5q9j-m8gm"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm","reference_id":"GHSA-8fr4-5q9j-m8gm","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-02T14:14:49Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23078","reference_id":"RHSA-2025:23078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025
:23078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23079","reference_id":"RHSA-2025:23079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23080","reference_id":"RHSA-2025:23080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23204","reference_id":"RHSA-2025:23204","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23204"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23205","reference_id":"RHSA-2025:23205","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23205"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23209","reference_id":"RHSA-2025:23209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23209"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23449","reference_id":"RHSA-2025:23449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19712","reference_id":"RHSA-2026:19712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3713","reference_id":"RHSA-2026:3713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3782","reference_id":"RHSA-20
26:3782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3782"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46991?format=json","purl":"pkg:pypi/vllm@0.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6td1-mwvq-u7a6"},{"vulnerability":"VCID-b35p-p399-bqf7"},{"vulnerability":"VCID-ffxe-muxd-p3b3"},{"vulnerability":"VCID-ggsq-9qgx-vyf6"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-q8jt-32dy-w7cp"},{"vulnerability":"VCID-reu9-dy33-z7ez"},{"vulnerability":"VCID-wa8k-r4vp-e7hk"},{"vulnerability":"VCID-z6u4-yvcm-gqhm"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.11.1"}],"aliases":["CVE-2025-66448","GHSA-8fr4-5q9j-m8gm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jgbp-dwqq-dbdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36994?format=json","vulnerability_id":"VCID-k1qz-xe9c-2bg3","summary":"vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. The outlines library is one of the backends used by vLLM to support structured output (a.k.a. guided decoding). Outlines provides an optional cache for its compiled grammars on the local filesystem. This cache has been on by default in vLLM. Outlines is also available by default through the OpenAI compatible API server. The affected code in vLLM is vllm/model_executor/guided_decoding/outlines_logits_processors.py, which unconditionally uses the cache from outlines. A malicious user can send a stream of very short decoding requests with unique schemas, resulting in an addition to the cache for each request. This can result in a Denial of Service if the filesystem runs out of space. 
Note that even if vLLM was configured to use a different backend by default, it is still possible to choose outlines on a per-request basis using the guided_decoding_backend key of the extra_body field of the request. This issue applies only to the V0 engine and is fixed in 0.8.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-29770.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-29770.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-29770","reference_id":"","reference_type":"","scores":[{"value":"0.00658","scoring_system":"epss","scoring_elements":"0.71497","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-29770"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/blob/53be4a863486d02bd96a59c674bbec23eec508f6/vllm/model_executor/guided_decoding/outlines_logits_processors.py","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T20:14:04Z/"}],"url":"https://github.com/vllm-project/vllm/blob/53be4a863486d02bd96a59c674bbec23eec508f6/vllm/model_executor/guided_decoding/outlines_logits_processors.py"},{"reference_url":"https://github.com/vllm-project/vl
lm/pull/14837","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T20:14:04Z/"}],"url":"https://github.com/vllm-project/vllm/pull/14837"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-mgrm-fgjv-mhv8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T20:14:04Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-mgrm-fgjv-mhv8"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353368","reference_id":"2353368","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353368"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-29770","reference_id":"CVE-2025-29770","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-29770"},{"reference_url":"https://github.com/advisories/GHSA-mgrm-fgjv-mhv8","reference_id":"GHSA-mgrm-fgjv-mhv8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mgrm-fgjv-mhv8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44634?format=json","purl":"pkg:pypi/vllm@0.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e3e-evbg-skcu"},{"vulnerability":"VCID-54rz-whp1-kkhg"},{"vulnerability":"
VCID-5c5b-q5we-mfdu"},{"vulnerability":"VCID-5dbv-fmn5-qydp"},{"vulnerability":"VCID-5ec1-1h6d-tuaq"},{"vulnerability":"VCID-8eu5-rcfy-2ygn"},{"vulnerability":"VCID-acke-grhk-37bc"},{"vulnerability":"VCID-c8r5-ks1q-ekcu"},{"vulnerability":"VCID-dng6-6nw2-vkgt"},{"vulnerability":"VCID-e8w2-9rwg-u7ba"},{"vulnerability":"VCID-f8nw-x5ug-kfh7"},{"vulnerability":"VCID-ffxe-muxd-p3b3"},{"vulnerability":"VCID-fxgs-s1vm-8bez"},{"vulnerability":"VCID-ggsq-9qgx-vyf6"},{"vulnerability":"VCID-jgbp-dwqq-dbdp"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-nhwm-kq25-t3dt"},{"vulnerability":"VCID-q5vf-2w1m-4fb1"},{"vulnerability":"VCID-qake-z4ec-wkdu"},{"vulnerability":"VCID-reu9-dy33-z7ez"},{"vulnerability":"VCID-svzy-7pke-2bdr"},{"vulnerability":"VCID-tcng-tr33-zqaa"},{"vulnerability":"VCID-ugds-eqgw-fbbz"},{"vulnerability":"VCID-ut69-5v6z-dyd9"},{"vulnerability":"VCID-wa8k-r4vp-e7hk"},{"vulnerability":"VCID-wgcp-nzu8-47dr"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.0"}],"aliases":["CVE-2025-29770","GHSA-mgrm-fgjv-mhv8","PYSEC-2025-223"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k1qz-xe9c-2bg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37179?format=json","vulnerability_id":"VCID-nctw-rz8h-f3af","summary":"vLLM is an inference and serving engine for large language models (LLMs). In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimension mismatch that results in an unhandled runtime error, leading to complete server termination. 
This issue has been patched in version 0.12.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22773.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22773.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22773","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07112","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22773"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/commit/0ec84221718d920c3f46da879cc354f94b8fb59e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/commit/0ec84221718d920c3f46da879cc354f94b8fb59e"},{"reference_url":"https://github.com/vllm-project/vllm/pull/29881","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/pull/29881"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-grg2-63fw-f2qr","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system
":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T13:22:42Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-grg2-63fw-f2qr"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428443","reference_id":"2428443","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428443"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22773","reference_id":"CVE-2026-22773","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22773"},{"reference_url":"https://github.com/advisories/GHSA-grg2-63fw-f2qr","reference_id":"GHSA-grg2-63fw-f2qr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-grg2-63fw-f2qr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10184","reference_id":"RHSA-2026:10184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"}],"fixed_packages":[{"url":"http://public2.vulnerab
lecode.io/api/packages/46993?format=json","purl":"pkg:pypi/vllm@0.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6td1-mwvq-u7a6"},{"vulnerability":"VCID-b35p-p399-bqf7"},{"vulnerability":"VCID-ffxe-muxd-p3b3"},{"vulnerability":"VCID-ggsq-9qgx-vyf6"},{"vulnerability":"VCID-q8jt-32dy-w7cp"},{"vulnerability":"VCID-reu9-dy33-z7ez"},{"vulnerability":"VCID-wa8k-r4vp-e7hk"},{"vulnerability":"VCID-z6u4-yvcm-gqhm"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.12.0"}],"aliases":["CVE-2026-22773","GHSA-grg2-63fw-f2qr","PYSEC-2026-143"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nctw-rz8h-f3af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48434?format=json","vulnerability_id":"VCID-nhwm-kq25-t3dt","summary":"vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`\nThe /v1/chat/completions and /tokenize endpoints allow a `chat_template_kwargs` request parameter that is used in the code before it is properly validated against the chat template. 
With the right `chat_template_kwargs` parameters, it is possible to block processing of the API server for long periods of time, delaying all other requests","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62426.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62426.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62426","reference_id":"","reference_type":"","scores":[{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25429","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62426"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/chat_utils.py#L1602-L1610","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:12:00Z/"}],"url":"https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/chat_utils.py#L1602-L1610"},{"reference_url":"https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/openai/serving_engine.py#L809-L814","reference_id":"","reference_type":"","scores":[{"value":"6.5","scori
ng_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:12:00Z/"}],"url":"https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/openai/serving_engine.py#L809-L814"},{"reference_url":"https://github.com/vllm-project/vllm/commit/3ada34f9cb4d1af763fdfa3b481862a93eb6bd2b","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:12:00Z/"}],"url":"https://github.com/vllm-project/vllm/commit/3ada34f9cb4d1af763fdfa3b481862a93eb6bd2b"},{"reference_url":"https://github.com/vllm-project/vllm/pull/27205","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:12:00Z/"}],"url":"https://github.com/vllm-project/vllm/pull/27205"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416278","reference_id":"2416278","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416278"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62426","reference_id":"CVE-2025-62426","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.g
ov/vuln/detail/CVE-2025-62426"},{"reference_url":"https://github.com/advisories/GHSA-69j4-grxj-j64p","reference_id":"GHSA-69j4-grxj-j64p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-69j4-grxj-j64p"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-69j4-grxj-j64p","reference_id":"GHSA-69j4-grxj-j64p","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:12:00Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-69j4-grxj-j64p"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46991?format=json","purl":"pkg:pypi/vllm@0.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6td1-mwvq-u7a6"},{"vulnerability":"VCID-b35p-p399-bqf7"},{"vulnerability":"VCID-ffxe-muxd-p3b3"},{"vulnerability":"VCID-ggsq-9qgx-vyf6"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-q8jt-32dy-w7cp"},{"vulnerability":"VCID-reu9-dy33-z7ez"},{"vulnerability":"VCID-wa8k-r4vp-e7hk"},{"vulnerability":"VCID-z6u4-yvcm-gqhm"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.11.1"}],"aliases":["CVE-2025-62426","GHSA
-69j4-grxj-j64p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nhwm-kq25-t3dt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57173?format=json","vulnerability_id":"VCID-prmn-2c4w-uuh5","summary":"CVE-2025-24357 Malicious model remote code execution fix bypass with PyTorch < 2.6.0\nhttps://github.com/vllm-project/vllm/security/advisories/GHSA-rh4j-5rhw-hr54 reported a vulnerability where loading a malicious model could result in code execution on the vllm host. The fix applied to specify `weights_only=True` to calls to `torch.load()` did not solve the problem prior to PyTorch 2.6.0.\n\nPyTorch has issued a new CVE about this problem: https://github.com/advisories/GHSA-53q9-r3pm-6pq6\n\nThis means that versions of vLLM using PyTorch before 2.6.0 are vulnerable to this problem.","references":[{"reference_url":"https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-rh4j-5rhw-hr54","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url"
:"https://github.com/vllm-project/vllm/security/advisories/GHSA-rh4j-5rhw-hr54"},{"reference_url":"https://github.com/advisories/GHSA-ggpf-24jw-3fcw","reference_id":"GHSA-ggpf-24jw-3fcw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-ggpf-24jw-3fcw"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-ggpf-24jw-3fcw","reference_id":"GHSA-ggpf-24jw-3fcw","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-ggpf-24jw-3fcw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44634?format=json","purl":"pkg:pypi/vllm@0.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e3e-evbg-skcu"},{"vulnerability":"VCID-54rz-whp1-kkhg"},{"vulnerability":"VCID-5c5b-q5we-mfdu"},{"vulnerability":"VCID-5dbv-fmn5-qydp"},{"vulnerability":"VCID-5ec1-1h6d-tuaq"},{"vulnerability":"VCID-8eu5-rcfy-2ygn"},{"vulnerability":"VCID-acke-grhk-37bc"},{"vulnerability":"VCID-c8r5-ks1q-ekcu"},{"vulnerability":"VCID-dng6-6nw2-vkgt"},{"vulnerability":"VCID-e8w2-9rwg-u7ba"},{"vulnerability":"VCID-f8nw-x5ug-kfh7"},{"vulnerability":"VCID-ffxe-muxd-p3b3"},{"vulnerability":"VCID-fxgs-s1vm-8bez"},{"vulnerability":"VCID-ggsq-9qgx-vyf6"},{"vulnerability":"VCID-jgbp-dwqq-dbdp"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-nhwm-kq25-t3dt"},{"vulnerability":"VCID-q5vf-2w1m-4fb1"},{"vulnerability":"VCID-qake-z4ec-wkdu"},{"vulnerability":"VCID-reu9-dy33-z7ez"},{"vulnerability":"VCID-svzy-7pke-2bdr"},{"vulnerability":"VCID-tcng-tr33-zqaa"},{"vulnerability":"VCID-ugds-eqgw-fbbz"},{"vulnerability":"VCID-ut69-5v6z-dyd9"},{"vulnerability":"VCID-wa8k-r4vp-e7hk"},{"vulnerability":"VCID-wgcp-nzu8-47dr"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2
.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.0"}],"aliases":["GHSA-ggpf-24jw-3fcw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-prmn-2c4w-uuh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57230?format=json","vulnerability_id":"VCID-q5vf-2w1m-4fb1","summary":"Data exposure via ZeroMQ on multi-node vLLM deployment\nIn a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-node communication purposes. The primary vLLM host opens an `XPUB` ZeroMQ socket and binds it to ALL interfaces. While the socket is always opened for a multi-node deployment, it is only used when doing tensor parallelism across multiple hosts.\n\nAny client with network access to this host can connect to this `XPUB` socket unless its port is blocked by a firewall. Once connected, these arbitrary clients will receive all of the same data broadcasted to all of the secondary vLLM hosts. This data is internal vLLM state information that is not useful to an attacker.\n\nBy potentially connecting to this socket many times and not reading data published to them, an attacker can also cause a denial of service by slowing down or potentially blocking the 
publisher.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30202.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30202.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30202","reference_id":"","reference_type":"","scores":[{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.6385","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30202"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/commit/a0304dc504c85f421d38ef47c64f83046a13641c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T13:16:29Z/"}],"url":"https://github.com/vllm-project/vllm/commit/a0304dc504c85f421d38ef47c64f83046a13641c"},{"reference_url":"https://github.com/vllm-project/vllm/pull/17197","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/pull/17197"},{"reference_url":"https://github.com/vllm-project/vllm/pull/6183","reference_id":"","reference_type":""
,"scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T13:16:29Z/"}],"url":"https://github.com/vllm-project/vllm/pull/6183"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355251","reference_id":"2355251","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355251"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30202","reference_id":"CVE-2025-30202","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30202"},{"reference_url":"https://github.com/advisories/GHSA-9f8f-2vmf-885j","reference_id":"GHSA-9f8f-2vmf-885j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9f8f-2vmf-885j"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-9f8f-2vmf-885j","reference_id":"GHSA-9f8f-2vmf-885j","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T13:16:29Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-9f8f-2vmf-885j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45033?format=json","purl":"pkg:pypi/vllm@0.8.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e3e-evbg-skcu"},{"vulnerability":"VCID-54rz-whp1-kkhg"},{"vulnerability":"VCID-5dbv-fmn5-qydp"},{"vulnerability":"VCID-5
ec1-1h6d-tuaq"},{"vulnerability":"VCID-8eu5-rcfy-2ygn"},{"vulnerability":"VCID-c8r5-ks1q-ekcu"},{"vulnerability":"VCID-e8w2-9rwg-u7ba"},{"vulnerability":"VCID-f8nw-x5ug-kfh7"},{"vulnerability":"VCID-ffxe-muxd-p3b3"},{"vulnerability":"VCID-ggsq-9qgx-vyf6"},{"vulnerability":"VCID-jgbp-dwqq-dbdp"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-nhwm-kq25-t3dt"},{"vulnerability":"VCID-q8jt-32dy-w7cp"},{"vulnerability":"VCID-qake-z4ec-wkdu"},{"vulnerability":"VCID-reu9-dy33-z7ez"},{"vulnerability":"VCID-svzy-7pke-2bdr"},{"vulnerability":"VCID-ugds-eqgw-fbbz"},{"vulnerability":"VCID-ut69-5v6z-dyd9"},{"vulnerability":"VCID-wa8k-r4vp-e7hk"},{"vulnerability":"VCID-wgcp-nzu8-47dr"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.5"}],"aliases":["CVE-2025-30202","GHSA-9f8f-2vmf-885j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q5vf-2w1m-4fb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61813?format=json","vulnerability_id":"VCID-reu9-dy33-z7ez","summary":"vllm: vllm: Uninitialized resource in KV Block Handler via has_mamba_layers 
function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7141.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7141.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7141","reference_id":"","reference_type":"","scores":[{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22776","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7141"},{"reference_url":"https://github.com/AjAnubolu/vllm/commit/1ad67864c0c20f167929e64c875f5c28e1aad9fd","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:41:12Z/"}],"url":"https://github.com/AjAnubolu/vllm/commit/1ad67864c0c20f167929e64c875f5c28e1aad9fd"},{"reference_url":"https://github.com/vllm-project/vllm/issues/39146","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N
/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:41:12Z/"}],"url":"https://github.com/vllm-project/vllm/issues/39146"},{"reference_url":"https://github.com/vllm-project/vllm/issues/39146#issue-4215090365","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:41:12Z/"}],"url":"https://github.com/vllm-project/vllm/
issues/39146#issue-4215090365"},{"reference_url":"https://github.com/vllm-project/vllm/pull/39283","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:41:12Z/"}],"url":"https://github.com/vllm-project/vllm/pull/39283"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-7141","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-7141"},{"reference_url":"https://vuldb.com/submit/801297","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"C
VSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:41:12Z/"}],"url":"https://vuldb.com/submit/801297"},{"reference_url":"https://vuldb.com/vuln/359740","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:41:12Z/"}],"url":"https://vuldb.com/vuln/359740"},{"reference_url":"https://vuldb.com/vuln/359740/cti","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:41:12Z/"}],"url":"https://vuldb.com/vuln/359740/cti"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463365","reference_id":"2463365","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463365"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-x368-4g9h-fvv4","reference_id":"GHSA-x368-4g9h-fvv4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x368-4g9h-fvv4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50314?format=json","purl":"pkg:pypi/vllm@0.19.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jzjy-kj6h-4bas"},{"vulnerability":"VCID-wa8k-r4vp-e7hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.19.1"}],"aliases":["CVE-2026-7141","GHSA-x368-4g9h-fvv4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://p
ublic2.vulnerablecode.io/vulnerabilities/VCID-reu9-dy33-z7ez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37071?format=json","vulnerability_id":"VCID-svzy-7pke-2bdr","summary":"vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its image hashing method. Currently, it serializes PIL.Image.Image objects using only obj.tobytes(), which returns only the raw pixel data, without including metadata such as the image’s shape (width, height, mode). As a result, two images of different sizes (e.g., 30x100 and 100x30) with the same pixel byte sequence could generate the same hash value. This may lead to hash collisions, incorrect cache hits, and even data leakage or security risks. This issue has been patched in version 0.9.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46722.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46722.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46722","reference_id":"","reference_type":"","scores":[{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.46088","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46722"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-43.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-43.yaml"},{"
reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/commit/99404f53c72965b41558aceb1bc2380875f5d848","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T18:12:29Z/"}],"url":"https://github.com/vllm-project/vllm/commit/99404f53c72965b41558aceb1bc2380875f5d848"},{"reference_url":"https://github.com/vllm-project/vllm/pull/17378","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T18:12:29Z/"}],"url":"https://github.com/vllm-project/vllm/pull/17378"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-c65p-x677-fgj6","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T18:12:29Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-c65p-x677-fgj6"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369221","reference_id":"2
369221","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369221"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-46722","reference_id":"CVE-2025-46722","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-46722"},{"reference_url":"https://github.com/advisories/GHSA-c65p-x677-fgj6","reference_id":"GHSA-c65p-x677-fgj6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c65p-x677-fgj6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45283?format=json","purl":"pkg:pypi/vllm@0.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e3e-evbg-skcu"},{"vulnerability":"VCID-5dbv-fmn5-qydp"},{"vulnerability":"VCID-8eu5-rcfy-2ygn"},{"vulnerability":"VCID-f8nw-x5ug-kfh7"},{"vulnerability":"VCID-ffxe-muxd-p3b3"},{"vulnerability":"VCID-ggsq-9qgx-vyf6"},{"vulnerability":"VCID-jgbp-dwqq-dbdp"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-nhwm-kq25-t3dt"},{"vulnerability":"VCID-q8jt-32dy-w7cp"},{"vulnerability":"VCID-reu9-dy33-z7ez"},{"vulnerability":"VCID-ut69-5v6z-dyd9"},{"vulnerability":"VCID-wa8k-r4vp-e7hk"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.9.0"}],"aliases":["CVE-2025-46722","GHSA-c65p-x677-fgj6","PYSEC-2025-43"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-svzy-7pke-2bdr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36995?format=json","vulnerability_id":"VCID-u659-sd9h-tkf3","summary":"vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. 
When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP on all network interfaces will allow attackers to execute remote code on distributed hosts. This is a remote code execution vulnerability impacting any deployments using Mooncake to distribute KV across distributed hosts. This vulnerability is fixed in 0.8.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-29783.json","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-29783.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-29783","reference_id":"","reference_type":"","scores":[{"value":"0.02122","scoring_system":"epss","scoring_elements":"0.84487","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-29783"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-63.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-63.yaml"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/commit/288ca110f68d23909728627d3100e5a8db820aa2","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L
/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-19T18:30:27Z/"}],"url":"https://github.com/vllm-project/vllm/commit/288ca110f68d23909728627d3100e5a8db820aa2"},{"reference_url":"https://github.com/vllm-project/vllm/pull/14228","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-19T18:30:27Z/"}],"url":"https://github.com/vllm-project/vllm/pull/14228"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-19T18:30:27Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353374","reference_id":"2353374","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353374"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-29783","reference_id":"CVE-2025-29783","reference_type":"","scores":[{"value":"
9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-29783"},{"reference_url":"https://github.com/advisories/GHSA-x3m8-f7g5-qhm7","reference_id":"GHSA-x3m8-f7g5-qhm7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x3m8-f7g5-qhm7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44634?format=json","purl":"pkg:pypi/vllm@0.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e3e-evbg-skcu"},{"vulnerability":"VCID-54rz-whp1-kkhg"},{"vulnerability":"VCID-5c5b-q5we-mfdu"},{"vulnerability":"VCID-5dbv-fmn5-qydp"},{"vulnerability":"VCID-5ec1-1h6d-tuaq"},{"vulnerability":"VCID-8eu5-rcfy-2ygn"},{"vulnerability":"VCID-acke-grhk-37bc"},{"vulnerability":"VCID-c8r5-ks1q-ekcu"},{"vulnerability":"VCID-dng6-6nw2-vkgt"},{"vulnerability":"VCID-e8w2-9rwg-u7ba"},{"vulnerability":"VCID-f8nw-x5ug-kfh7"},{"vulnerability":"VCID-ffxe-muxd-p3b3"},{"vulnerability":"VCID-fxgs-s1vm-8bez"},{"vulnerability":"VCID-ggsq-9qgx-vyf6"},{"vulnerability":"VCID-jgbp-dwqq-dbdp"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-nhwm-kq25-t3dt"},{"vulnerability":"VCID-q5vf-2w1m-4fb1"},{"vulnerability":"VCID-qake-z4ec-wkdu"},{"vulnerability":"VCID-reu9-dy33-z7ez"},{"vulnerability":"VCID-svzy-7pke-2bdr"},{"vulnerability":"VCID-tcng-tr33-zqaa"},{"vulnerability":"VCID-ugds-eqgw-fbbz"},{"vulnerability":"VCID-ut69-5v6z-dyd9"},{"vulnerability":"VCID-wa8k-r4vp-e7hk"},{"vulnerability":"VCID-wgcp-nzu8-47dr"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.0"}],"aliases":["CVE-2025-29783","GHSA-x3m8-f7g5-qhm7","PYSEC-2025-63"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u659-sd9h-tkf3"},{"url":"http
://public2.vulnerablecode.io/api/vulnerabilities/37074?format=json","vulnerability_id":"VCID-ugds-eqgw-fbbz","summary":"vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression Denial of Service (ReDoS) vulnerability in the file `vllm/entrypoints/openai/tool_parsers/pythonic_tool_parser.py` of versions 0.6.4 up to but excluding 0.9.0. The root cause is the use of a highly complex and nested regular expression for tool call detection, which can be exploited by an attacker to cause severe performance degradation or make the service unavailable. The pattern contains multiple nested quantifiers, optional groups, and inner repetitions which make it vulnerable to catastrophic backtracking. Version 0.9.0 contains a patch for the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48887.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48887.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48887","reference_id":"","reference_type":"","scores":[{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57367","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48887"},{"reference_url":"https://github.com/vllm-project/vllm/commit/4fc1bf813ad80172c1db31264beaef7d93fe0601","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T17:58:00Z/"}],"url":"https://github.com/vllm-project/vllm/commit/4fc1bf813ad80172c1db31264beaef7d93fe0601"},{"reference_url":"https://github.com/vllm-project/vllm/pull/18454","reference_id":"","reference_type
":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T17:58:00Z/"}],"url":"https://github.com/vllm-project/vllm/pull/18454"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-w6q7-j642-7c25","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T17:58:00Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-w6q7-j642-7c25"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369467","reference_id":"2369467","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369467"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45283?format=json","purl":"pkg:pypi/vllm@0.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e3e-evbg-skcu"},{"vulnerability":"VCID-5dbv-fmn5-qydp"},{"vulnerability":"VCID-8eu5-rcfy-2ygn"},{"vulnerability":"VCID-f8nw-x5ug-kfh7"},{"vulnerability":"VCID-ffxe-muxd-p3b3"},{"vulnerability":"VCID-ggsq-9qgx-vyf6"},{"vulnerability":"VCID-jgbp-dwqq-dbdp"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-nhwm-kq25-t3dt"},{"vulnerability":"VCID-q8jt-32dy-w7cp"},{"vulnerability":"VCID-reu9-dy33-z7ez"},{"vulnerability":"VCID-ut69-5v6z-dyd9"},{"vulnerability":"VCID-wa8k-r4vp-e7hk"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.9.0"}],"aliases":["CVE-2025-48887","PYSEC-2025-50"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ugds-eqgw-fbbz"},{"url":"http://public2.vulnerablec
ode.io/api/vulnerabilities/57927?format=json","vulnerability_id":"VCID-ut69-5v6z-dyd9","summary":"vllm API endpoints vulnerable to Denial of Service Attacks\nA Denial of Service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making it exploitable by any remote user.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48956.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48956.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48956","reference_id":"","reference_type":"","scores":[{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54171","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48956"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/commit/d8b736f913a59117803d6701521d2e4861701944","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-21T15:01:51Z/"}],"url":"https://github.com/vllm-project/vllm/commit/d8b736f913a59117803d6701521d2
e4861701944"},{"reference_url":"https://github.com/vllm-project/vllm/pull/23267","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-21T15:01:51Z/"}],"url":"https://github.com/vllm-project/vllm/pull/23267"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372522","reference_id":"2372522","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372522"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48956","reference_id":"CVE-2025-48956","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48956"},{"reference_url":"https://github.com/advisories/GHSA-rxc4-3w6r-4v47","reference_id":"GHSA-rxc4-3w6r-4v47","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rxc4-3w6r-4v47"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-rxc4-3w6r-4v47","reference_id":"GHSA-rxc4-3w6r-4v47","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-21T15:01:51Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-rxc4-3w6r-4v47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19421","reference_id":"RHSA-2025:19421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19421"},{"refer
ence_url":"https://access.redhat.com/errata/RHSA-2025:19422","reference_id":"RHSA-2025:19422","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19422"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19423","reference_id":"RHSA-2025:19423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19424","reference_id":"RHSA-2025:19424","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19424"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19425","reference_id":"RHSA-2025:19425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19425"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19426","reference_id":"RHSA-2025:19426","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19426"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19427","reference_id":"RHSA-2025:19427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19428","reference_id":"RHSA-2025:19428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19429","reference_id":"RHSA-2025:19429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19430","reference_id":"RHSA-2025:19430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19430"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3713","reference_id":"RHSA-2026:3713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3713"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46988?format=json","purl":"
pkg:pypi/vllm@0.10.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e3e-evbg-skcu"},{"vulnerability":"VCID-5dbv-fmn5-qydp"},{"vulnerability":"VCID-6td1-mwvq-u7a6"},{"vulnerability":"VCID-8eu5-rcfy-2ygn"},{"vulnerability":"VCID-b35p-p399-bqf7"},{"vulnerability":"VCID-f8nw-x5ug-kfh7"},{"vulnerability":"VCID-ffxe-muxd-p3b3"},{"vulnerability":"VCID-ggsq-9qgx-vyf6"},{"vulnerability":"VCID-jgbp-dwqq-dbdp"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-nhwm-kq25-t3dt"},{"vulnerability":"VCID-q8jt-32dy-w7cp"},{"vulnerability":"VCID-reu9-dy33-z7ez"},{"vulnerability":"VCID-wa8k-r4vp-e7hk"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.10.1.1"}],"aliases":["CVE-2025-48956","GHSA-rxc4-3w6r-4v47"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ut69-5v6z-dyd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95131?format=json","vulnerability_id":"VCID-wa8k-r4vp-e7hk","summary":"vLLM Vulnerable to Remote DoS via Special-Token Placeholders\n## Summary\nThis report explains a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder sequences supplied without matching data cause vLLM to index into empty grids during input-position computation, raising an unhandled IndexError and terminating the worker or degrading availability. Multimodal paths that rely on `image_grid_thw`/`video_grid_thw` are affected. Severity: High (remote DoS). 
Reproduced on vLLM 0.10.0 with Qwen2.5-VL.\n\n## Details\n- Affected component: multimodal input position computation.\n- File/functions (paths are indicative):\n  - vllm/model_executor/layers/rotary_embedding.py\n    - get_input_positions_tensor(...)\n    - _vl_get_input_positions_tensor(...)\n- Failure mechanism:\n  - The code counts detected vision tokens and then indexes video_grid_thw/image_grid_thw accordingly.\n  - When user input carries placeholder tokens but no actual multimodal payload, these grids are empty. The code does not bounds-check before indexing.\n\nRepresentative snippet (context):\n```python\n# vllm/model_executor/layers/rotary_embedding.py\n@classmethod\ndef _vl_get_input_positions_tensor(\n    cls,\n    input_tokens,\n    hf_config,\n    image_grid_thw,\n    video_grid_thw,\n    ...,\n):\n    # detect video tokens\n    video_nums = (vision_tokens == video_token_id).sum()\n    # later in processing\n    t, h, w = (\n        video_grid_thw[video_index][0],  # IndexError if no video data\n        video_grid_thw[video_index][1],\n        video_grid_thw[video_index][2],\n    )\n```\n\nAbbreviated call path:\n```\nOpenAI API request\n → vllm.v1.engine.core: step/execute_model\n → vllm.v1.worker.gpu_model_runner: _update_states/execute_model\n → vllm.model_executor.layers.rotary_embedding: get_input_positions_tensor\n → _vl_get_input_positions_tensor\n → IndexError: list index out of range\n```\n\n## PoC\n### Environment\n- vLLM: 0.10.0\n- Model: Qwen/Qwen2.5-VL-3B-Instruct\n- Launch server:\n```bash\npython -m vllm.entrypoints.openai.api_server \\\n  --model Qwen/Qwen2.5-VL-3B-Instruct \\\n  --port 8000\n```\n\n### Request (text-only, no image/video data)\n```bash\ncat > request.json <<'JSON'\n{\n  \"model\": \"Qwen/Qwen2.5-VL-3B-Instruct\",\n  \"messages\": [\n    {\n      \"role\": \"user\",\n      \"content\": [\n        { \"type\": \"text\",\n          \"text\": \"what's in picture <|vision_start|><|image_pad|><|vision_end|>\" }\n      ]\n    
}\n  ]\n}\nJSON\n\ncurl -s http://127.0.0.1:8000/v1/chat/completions \\\n  -H 'Content-Type: application/json' \\\n  --data @request.json\n```\n\n### Observed result\n- HTTP 500; logs show IndexError: list index out of range from _vl_get_input_positions_tensor(...).\n- In some deployments, the worker exits and capacity remains reduced until manual restart.\n\n## Impact\n- Type: Token Injection leading to Remote Denial of Service (unauthenticated). A single request can trigger the fault.\n- Scope: Any vLLM deployment that serves VLMs and accepts raw user text via OpenAI-compatible endpoints (self-hosted or proxied/managed fronts).\n- Effect: Request → unhandled exception in position computation → worker termination / service unavailability.\n\n## Fixes\n\n* Changes associated with https://github.com/vllm-project/vllm/issues/32656\n\n## Credits\nPengyu Ding (Infra Security, Ant Group)  \nZiteng Xu (Infra Security, Ant Group)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44222","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02964","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44222"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/issues/32656","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T1
2:24:39Z/"}],"url":"https://github.com/vllm-project/vllm/issues/32656"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-hpv8-x276-m59f","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T12:24:39Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-hpv8-x276-m59f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44222","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44222"},{"reference_url":"https://github.com/advisories/GHSA-hpv8-x276-m59f","reference_id":"GHSA-hpv8-x276-m59f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hpv8-x276-m59f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50315?format=json","purl":"pkg:pypi/vllm@0.20.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.20.0"}],"aliases":["CVE-2026-44222","GHSA-hpv8-x276-m59f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wa8k-r4vp-e7hk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57262?format=json","vulnerability_id":"VCID-wgcp-nzu8-47dr","summary":"Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration\nIn a multi-node vLLM deployment using the V0 engine, vLLM uses ZeroMQ for some multi-node communication purposes. 
The secondary vLLM hosts open a `SUB` ZeroMQ socket and connect to an `XPUB` socket on the primary vLLM host.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30165.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30165.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30165","reference_id":"","reference_type":"","scores":[{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.63023","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30165"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/blob/c21b99b91241409c2fdf9f3f8c542e8748b317be/vllm/distributed/device_communicators/shm_broadcast.py#L295-L301","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-06T17:22:47Z/"}],"url":"https://github.com/vllm-project/vllm/blob/c21b99b91241409c2fdf9f3f8c542e8748b317be/vllm/distributed/device_communicators/shm_broadcast.py#L295-L301"},{"reference_url":"https://github.com/vllm-project/vllm/blob/c21b99b91241409c2fdf9f3f8c542e8748b317be/vllm/distributed/device_c
ommunicators/shm_broadcast.py#L468-L470","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-06T17:22:47Z/"}],"url":"https://github.com/vllm-project/vllm/blob/c21b99b91241409c2fdf9f3f8c542e8748b317be/vllm/distributed/device_communicators/shm_broadcast.py#L468-L470"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355250","reference_id":"2355250","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355250"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30165","reference_id":"CVE-2025-30165","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30165"},{"reference_url":"https://github.com/advisories/GHSA-9pcc-gvx5-r5wm","reference_id":"GHSA-9pcc-gvx5-r5wm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9pcc-gvx5-r5wm"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-9pcc-gvx5-r5wm","reference_id":"GHSA-9pcc-gvx5-r5wm","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-06T17:22:47Z/"}],"url":"h
ttps://github.com/vllm-project/vllm/security/advisories/GHSA-9pcc-gvx5-r5wm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46986?format=json","purl":"pkg:pypi/vllm@0.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e3e-evbg-skcu"},{"vulnerability":"VCID-5dbv-fmn5-qydp"},{"vulnerability":"VCID-8eu5-rcfy-2ygn"},{"vulnerability":"VCID-f8nw-x5ug-kfh7"},{"vulnerability":"VCID-ffxe-muxd-p3b3"},{"vulnerability":"VCID-ggsq-9qgx-vyf6"},{"vulnerability":"VCID-gusq-npjb-6qc5"},{"vulnerability":"VCID-jgbp-dwqq-dbdp"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-nhwm-kq25-t3dt"},{"vulnerability":"VCID-q8jt-32dy-w7cp"},{"vulnerability":"VCID-reu9-dy33-z7ez"},{"vulnerability":"VCID-ut69-5v6z-dyd9"},{"vulnerability":"VCID-wa8k-r4vp-e7hk"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.10.0"}],"aliases":["CVE-2025-30165","GHSA-9pcc-gvx5-r5wm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wgcp-nzu8-47dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37260?format=json","vulnerability_id":"VCID-za3a-c9m1-jqgz","summary":"vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64() method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_frames parameter (default: 32), which is enforced by the load_bytes() code path, is completely bypassed in the video/jpeg base64 path. An attacker can send a single API request containing thousands of comma-separated base64-encoded JPEG frames, causing the server to decode all frames into memory and crash with OOM. 
This vulnerability is fixed in 0.19.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34755.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34755.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34755","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17216","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34755"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/commit/58ee61422169ce17e08248f8efa1e9df434fe395","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/commit/58ee61422169ce17e08248f8efa1e9df434fe395"},{"reference_url":"https://github.com/vllm-project/vllm/pull/38636","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/pull/38636"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv
3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T18:36:13Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34755","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34755"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455403","reference_id":"2455403","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455403"},{"reference_url":"https://github.com/advisories/GHSA-pq5c-rjhq-qp7p","reference_id":"GHSA-pq5c-rjhq-qp7p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pq5c-rjhq-qp7p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49120?format=json","purl":"pkg:pypi/vllm@0.19.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jzjy-kj6h-4bas"},{"vulnerability":"VCID-reu9-dy33-z7ez"},{"vulnerability":"VCID-wa8k-r4vp-e7hk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.19.0"}],"aliases":["CVE-2026-34755","GHSA-pq5c-rjhq-qp7p","PYSEC-2026-144"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-za3a-c9m1-jqgz"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36972?format=json","vulnerability_id":"VCID-737m-tpkz-qffm","summary":"vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. 
Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-in hash() function. As of Python 3.12, the behavior of hash(None) has changed to be a predictable constant value. This makes it more feasible that someone could try to exploit hash collisions. The impact of a collision would be using cache that was generated using different content. Given knowledge of prompts in use and predictable hashing behavior, someone could intentionally populate the cache using a prompt known to collide with another prompt in use. This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25183.json","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25183.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25183","reference_id":"","reference_type":"","scores":[{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55729","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25183"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-62.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-62.yaml"},{"reference_url":"https://github.com/python/cpython/commit/432117cd1f59c76d97da2eaff55a7d758301dbc7","reference_id":"","refere
nce_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T20:33:57Z/"}],"url":"https://github.com/python/cpython/commit/432117cd1f59c76d97da2eaff55a7d758301dbc7"},{"reference_url":"https://github.com/python/cpython/pull/99541","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python/cpython/pull/99541"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/commit/73b35cca7f3745d07d439c197768b25d88b6ab7f","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/commit/73b35cca7f3745d07d439c197768b25d88b6ab7f"},{"reference_url":"https://github.com/vllm-project/vllm/pull/12621","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T20:33:57Z/"}],"url":"https://github.com/vllm-project/vllm/pull/
12621"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-rm76-4mrf-v9r8","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T20:33:57Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-rm76-4mrf-v9r8"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2344292","reference_id":"2344292","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2344292"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-25183","reference_id":"CVE-2025-25183","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-25183"},{"reference_url":"https://github.com/advisories/GHSA-rm76-4mrf-v9r8","reference_id":"GHSA-rm76-4mrf-v9r8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rm76-4mrf-v9r8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44390?format=json","purl":"pkg:pypi/vllm@0.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e3e-evbg-skcu"},{"vulnerability":"VCID-54rz-whp1-kkhg"},{"vulnerability":"VCID-5c5b-q5we-mfdu"},{"vulnerability":"VCID-5dbv-fmn5-qydp"},{"vulnerability":"VCID-8eu5-rcfy-2ygn"},{"vulnerability":"VCID-acke-grhk-37bc"},{"vulnerability":"VCID-dng6-6nw2-vkgt"},{"vulnerability":"VCID-e8w2-9rwg-u7ba"},{"vulnerability":"VCID-f8nw-x5ug-kfh7"},{"vulnerability":"VCID-ffxe-muxd-p3b3"},{"vulnerability":"VCID-fxgs-s1vm-8bez"},{"vulnerability":"VCID-ggsq-9qgx-vyf6"},{"vulnerability":"VCID-jgbp-dwqq-dbdp"},{"vulnera
bility":"VCID-k1qz-xe9c-2bg3"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-nhwm-kq25-t3dt"},{"vulnerability":"VCID-prmn-2c4w-uuh5"},{"vulnerability":"VCID-q5vf-2w1m-4fb1"},{"vulnerability":"VCID-reu9-dy33-z7ez"},{"vulnerability":"VCID-svzy-7pke-2bdr"},{"vulnerability":"VCID-u659-sd9h-tkf3"},{"vulnerability":"VCID-ugds-eqgw-fbbz"},{"vulnerability":"VCID-ut69-5v6z-dyd9"},{"vulnerability":"VCID-wa8k-r4vp-e7hk"},{"vulnerability":"VCID-wgcp-nzu8-47dr"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.7.2"}],"aliases":["CVE-2025-25183","GHSA-rm76-4mrf-v9r8","PYSEC-2025-62"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-737m-tpkz-qffm"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.7.2"}