{"url":"http://public2.vulnerablecode.io/api/packages/86933?format=json","purl":"pkg:pypi/vllm@0.6.1.post2","type":"pypi","namespace":"","name":"vllm","version":"0.6.1.post2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.20.0","latest_non_vulnerable_version":"0.22.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360486?format=json","vulnerability_id":"VCID-11fx-q5je-ruah","summary":"CVE-2025-24357 Malicious model remote code execution fix bypass with PyTorch < 2.6.0\n## Description\n\nhttps://github.com/vllm-project/vllm/security/advisories/GHSA-rh4j-5rhw-hr54 reported a vulnerability where loading a malicious model could result in code execution on the vllm host. The fix applied to specify `weights_only=True` to calls to `torch.load()` did not solve the problem prior to PyTorch 2.6.0.\n\nPyTorch has issued a new CVE about this problem: https://github.com/advisories/GHSA-53q9-r3pm-6pq6\n\nThis means that versions of vLLM using PyTorch before 2.6.0 are vulnerable to this problem.\n## Background Knowledge\nWhen users install VLLM according to the official manual\n![image](https://github.com/user-attachments/assets/d17e0bdb-26f2-46d6-adf6-0b17e5ddf5c7)\n\nBut the version of PyTorch is specified in the requirements. 
txt file\n![image](https://github.com/user-attachments/assets/94aad622-ad6d-4741-b772-c342727c58c7)\n\nSo by default, when the user installs vLLM, it will install PyTorch version 2.5.1\n![image](https://github.com/user-attachments/assets/04ff31b0-aad1-490a-963d-00fda91da47b)\n\nIn CVE-2025-24357, weights_only=True was used for patching, but we know this is not secure.\nBecause we found that using weights_only=True in PyTorch before 2.5.1 was unsafe.\n\nHere, we use this interface to prove that it is not safe.\n![image](https://github.com/user-attachments/assets/0d86efcd-2aad-42a2-8ac6-cc96b054c925)\n\n\n## Fix\nUpdate PyTorch to version 2.6.0\n\n## Credit\nThis vulnerability was found by Ji'an Zhou and Li'shuo Song","references":[{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-ggpf-24jw-3fcw","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-ggpf-24jw-3fcw"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-rh4j-5rhw-hr54","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-rh4j-5rhw-hr54"},{"reference_url":"https://github.com/pytorch/pytorch/security/advisories/GHSA
-53q9-r3pm-6pq6","reference_id":"GHSA-53q9-r3pm-6pq6","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6"},{"reference_url":"https://github.com/advisories/GHSA-ggpf-24jw-3fcw","reference_id":"GHSA-ggpf-24jw-3fcw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-ggpf-24jw-3fcw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87066?format=json","purl":"pkg:pypi/vllm@0.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13vf-fjdh-auft"},{"vulnerability":"VCID-1hpy-jf1r-gkdb"},{"vulnerability":"VCID-2y7a-2pme-63ct"},{"vulnerability":"VCID-34qx-sfdb-tbh6"},{"vulnerability":"VCID-3fw7-eqn1-rkax"},{"vulnerability":"VCID-7ncr-qr8a-fkdx"},{"vulnerability":"VCID-8smp-5qe4-67ez"},{"vulnerability":"VCID-a6yw-hvfn-d7fd"},{"vulnerability":"VCID-am6k-xmjj-vfg7"},{"vulnerability":"VCID-aqfc-f15d-t7au"},{"vulnerability":"VCID-f2nx-ue5s-afc2"},{"vulnerability":"VCID-free-2d58-zkcc"},{"vulnerability":"VCID-g5xs-nywz-yyd1"},{"vulnerability":"VCID-gw7f-usg9-pqf6"},{"vulnerability":"VCID-gwtv-bfhe-6yeq"},{"vulnerability":"VCID-hx49-mkrg-9fd9"},{"vulnerability":"VCID-jebn-qbde-hucm"},{"vulnerability":"VCID-k2s5-nvyn-sbcm"},{"vulnerability":"VCID-qcre-r2c3-r3b1"},{"vulnerability":"VCID-s9jr-c3uv-yqgb"},{"vulnerability":"VCID-sau3-juet-8kdn"},{"vulnerability":"VCID-ufp6-jyp8-8ua3"},{"vulnerability":"VCID-uhsj-xqts-mqfv"},{"vulnerability":"VCID-vqms-v3s3-gkg8"},{"vulnerability":"VCID-vz3s-bpav-cuck"},{"vulnerability":"VCID-wtdh-z9fk-akh6"},{"vulnerability":"VCID-xq4r-415c-s3d5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.0"}],"aliases":["GHSA-ggpf-24jw-3fcw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_ur
l":"http://public2.vulnerablecode.io/vulnerabilities/VCID-11fx-q5je-ruah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212284?format=json","vulnerability_id":"VCID-13vf-fjdh-auft","summary":"vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61620.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61620.json"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/commit/7977e5027c2250a4abc1f474c5619c40b4e5682f","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/commit/7977e5027c2250a4abc1f474c5619c40b4e5682f"},{"reference_url":"https://github.com/vllm-project/vllm/pull/25794","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/pull/25794"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2401761","reference_id":"2401761","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2401761"},{"reference_url":"https://n
vd.nist.gov/vuln/detail/CVE-2025-61620","reference_id":"CVE-2025-61620","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61620"},{"reference_url":"https://github.com/advisories/GHSA-6fvq-23cw-5628","reference_id":"GHSA-6fvq-23cw-5628","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6fvq-23cw-5628"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-6fvq-23cw-5628","reference_id":"GHSA-6fvq-23cw-5628","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-6fvq-23cw-5628"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34107?format=json","purl":"pkg:pypi/vllm@0.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34qx-sfdb-tbh6"},{"vulnerability":"VCID-3aq5-p58q-rkc1"},{"vulnerability":"VCID-3fw7-eqn1-rkax"},{"vulnerability":"VCID-aqfc-f15d-t7au"},{"vulnerability":"VCID-bt14-866q-hyb3"},{"vulnerability":"VCID-chgg-x8v7-fqdh"},{"vulnerability":"VCID-eqz9-e9m3-5uez"},{"vulnerability":"VCID-gw7f-usg9-pqf6"},{"vulnerability":"VCID-gwtv-bfhe-6yeq"},{"vulnerability":"VCID-hx49-mkrg-9fd9"},{"vulnerability":"VCID-jebn-qbde-hucm"},{"vulnerability":"VCID-wtdh-z9fk-akh6"},{"vulnerability":"VCID-xq4r
-415c-s3d5"},{"vulnerability":"VCID-yj6x-r153-vkge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.11.0"}],"aliases":["CVE-2025-61620","GHSA-6fvq-23cw-5628"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-13vf-fjdh-auft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74856?format=json","vulnerability_id":"VCID-34qx-sfdb-tbh6","summary":"vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionRequest Pydantic models, an unauthenticated attacker can send a single HTTP request with an astronomically large n value. This completely blocks the Python asyncio event loop and causes immediate Out-Of-Memory crashes by allocating millions of request object copies in the heap before the request even reaches the scheduling queue. 
This vulnerability is fixed in 0.19.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34756.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34756.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34756","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15625","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34756"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34756","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34756"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455425","reference_id":"2455425","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455425"},{"reference_url":"https://github.com/vllm-project/vllm/pull/37952","reference_id":"37952","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:16:25Z/"}]
,"url":"https://github.com/vllm-project/vllm/pull/37952"},{"reference_url":"https://github.com/vllm-project/vllm/commit/b111f8a61f100fdca08706f41f29ef3548de7380","reference_id":"b111f8a61f100fdca08706f41f29ef3548de7380","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:16:25Z/"}],"url":"https://github.com/vllm-project/vllm/commit/b111f8a61f100fdca08706f41f29ef3548de7380"},{"reference_url":"https://github.com/advisories/GHSA-3mwp-wvh9-7528","reference_id":"GHSA-3mwp-wvh9-7528","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3mwp-wvh9-7528"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-3mwp-wvh9-7528","reference_id":"GHSA-3mwp-wvh9-7528","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:16:25Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-3mwp-wvh9-7528"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91798?format=json","purl":"pkg:pypi/vllm@0.19.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pyp-7waw-jyfj"},{"vulnerability":"VCID-3fw7-eqn1-rkax"},{"vulnerability":"VCID-gw7f-usg9-pqf6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.19.0"}],"aliases":["CVE-2026-34756","GHSA-3mwp-wvh9-7528"],"risk_score":null
,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-34qx-sfdb-tbh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72417?format=json","vulnerability_id":"VCID-3fw7-eqn1-rkax","summary":"A vulnerability was found in vllm up to 0.19.0. The affected element is the function has_mamba_layers of the file vllm/v1/kv_cache_interface.py of the component KV Block Handler. Performing a manipulation results in uninitialized resource. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is described as difficult. The exploit has been made public and could be used. The patch is named 1ad67864c0c20f167929e64c875f5c28e1aad9fd. To fix this issue, it is recommended to deploy a patch.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7141.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7141.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7141","reference_id":"","reference_type":"","scores":[{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22703","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7141"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-7141","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-7141"},{"reference_url":"https://github.com/AjAnubolu/vllm/com
mit/1ad67864c0c20f167929e64c875f5c28e1aad9fd","reference_id":"1ad67864c0c20f167929e64c875f5c28e1aad9fd","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:41:12Z/"}],"url":"https://github.com/AjAnubolu/vllm/commit/1ad67864c0c20f167929e64c875f5c28e1aad9fd"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463365","reference_id":"2463365","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463365"},{"reference_url":"https://vuldb.com/vuln/359740","reference_id":"359740","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/V
I:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:41:12Z/"}],"url":"https://vuldb.com/vuln/359740"},{"reference_url":"https://github.com/vllm-project/vllm/issues/39146","reference_id":"39146","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:41:12Z/"}],"url":"https://github.com/vllm-project/vllm/issues/39146"},{"reference_url":"https://github.com/vllm-project/vllm/issues/39146#issue-4215090365","reference_id":"39146#issue-4215090365","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:41:12Z/"}],"url":"https://github.com/vllm-project/vllm/issues/39146#issue-4215090365"},{"reference_url":"https://github.com/vllm-project/vllm/pull/39283","reference_id":"39283","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:41:12Z/"}],"url":"https://github.com/vllm-project/vllm/pull/39283"},{"reference_url":"https://vuldb.com/submit/801297","reference_id":"801297","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scori
ng_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:41:12Z/"}],"url":"https://vuldb.com/submit/801297"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*"},{"reference_url":"https://vuldb.com/vuln/359740/cti","reference_id":"cti","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LO
W","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-27T17:41:12Z/"}],"url":"https://vuldb.com/vuln/359740/cti"},{"reference_url":"https://github.com/advisories/GHSA-x368-4g9h-fvv4","reference_id":"GHSA-x368-4g9h-fvv4","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x368-4g9h-fvv4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93083?format=json","purl":"pkg:pypi/vllm@0.19.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pyp-7waw-jyfj"},{"vulnerability":"VCID-gw7f-usg9-pqf6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.19.1"}],"aliases":["CVE-2026-7141","GHSA-x368-4g9h-fvv4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3fw7-eqn1-rkax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89866?format=json","vulnerability_id":"VCID-7ncr-qr8a-fkdx","summary":"vLLM is an inference and serving engine for large language models. In a multi-node vLLM deployment using the V0 engine, vLLM uses ZeroMQ for some multi-node communication purposes. The secondary vLLM hosts open a `SUB` ZeroMQ socket and connect to an `XPUB` socket on the primary vLLM host. When data is received on this `SUB` socket, it is deserialized with `pickle`. This is unsafe, as it can be abused to execute code on a remote machine. Since the vulnerability exists in a client that connects to the primary vLLM host, this vulnerability serves as an escalation point. If the primary vLLM host is compromised, this vulnerability could be used to compromise the rest of the hosts in the vLLM deployment. Attackers could also use other means to exploit the vulnerability without requiring access to the primary vLLM host. 
One example would be the use of ARP cache poisoning to redirect traffic to a malicious endpoint used to deliver a payload with arbitrary code to execute on the target machine. Note that this issue only affects the V0 engine, which has been off by default since v0.8.0. Further, the issue only applies to a deployment using tensor parallelism across multiple hosts, which we do not expect to be a common deployment pattern. Since V0 has been off by default since v0.8.0 and the fix is fairly invasive, the maintainers of vLLM have decided not to fix this issue. Instead, the maintainers recommend that users ensure their environment is on a secure network in case this pattern is in use. The V1 engine is not affected by this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30165.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30165.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30165","reference_id":"","reference_type":"","scores":[{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.63091","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30165"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30165","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_e
lements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30165"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355250","reference_id":"2355250","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355250"},{"reference_url":"https://github.com/advisories/GHSA-9pcc-gvx5-r5wm","reference_id":"GHSA-9pcc-gvx5-r5wm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9pcc-gvx5-r5wm"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-9pcc-gvx5-r5wm","reference_id":"GHSA-9pcc-gvx5-r5wm","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-06T17:22:47Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-9pcc-gvx5-r5wm"},{"reference_url":"https://github.com/vllm-project/vllm/blob/c21b99b91241409c2fdf9f3f8c542e8748b317be/vllm/distributed/device_communicators/shm_broadcast.py#L295-L301","reference_id":"shm_broadcast.py#L295-L301","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-06T17:22:47Z/"}],"url":"https://github.com/vllm-project/vllm/blob/c21b99b91241409c2fdf9f3f8c542e8748b317be/vllm/distributed/device_communicators/shm_broadcast.py#L295-L301"},{"reference_url":"https://github.com/vllm-project/vllm/blob/c21b99b912
41409c2fdf9f3f8c542e8748b317be/vllm/distributed/device_communicators/shm_broadcast.py#L468-L470","reference_id":"shm_broadcast.py#L468-L470","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-06T17:22:47Z/"}],"url":"https://github.com/vllm-project/vllm/blob/c21b99b91241409c2fdf9f3f8c542e8748b317be/vllm/distributed/device_communicators/shm_broadcast.py#L468-L470"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89665?format=json","purl":"pkg:pypi/vllm@0.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13vf-fjdh-auft"},{"vulnerability":"VCID-34qx-sfdb-tbh6"},{"vulnerability":"VCID-3fw7-eqn1-rkax"},{"vulnerability":"VCID-aqfc-f15d-t7au"},{"vulnerability":"VCID-df4q-ck1w-byhc"},{"vulnerability":"VCID-eqz9-e9m3-5uez"},{"vulnerability":"VCID-free-2d58-zkcc"},{"vulnerability":"VCID-gw7f-usg9-pqf6"},{"vulnerability":"VCID-gwtv-bfhe-6yeq"},{"vulnerability":"VCID-hx49-mkrg-9fd9"},{"vulnerability":"VCID-jebn-qbde-hucm"},{"vulnerability":"VCID-ufp6-jyp8-8ua3"},{"vulnerability":"VCID-uhsj-xqts-mqfv"},{"vulnerability":"VCID-wtdh-z9fk-akh6"},{"vulnerability":"VCID-xq4r-415c-s3d5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.10.0"}],"aliases":["CVE-2025-30165","GHSA-9pcc-gvx5-r5wm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ncr-qr8a-fkdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60522?format=json","vulnerability_id":"VCID-8yzj-y5fx-73bd","summary":"vllm-project vllm version v0.6.2 contains a vulnerability in the 
MessageQueue.dequeue() API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue, causing the victim's machine to execute arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11041.json","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11041.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-11041","reference_id":"","reference_type":"","scores":[{"value":"0.05599","scoring_system":"epss","scoring_elements":"0.90519","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-11041"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/blob/7193774b1ff8603ad5bf4598e5efba0d9a39b436/vllm/distributed/device_communicators/shm_broadcast.py#L441-L443","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/blob/7193774b1ff8603ad5bf4598e5efba0d9a39b436/vllm/distributed/device_communicators/shm_broadcast.py#L441-L443"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-11041","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scorin
g_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-11041"},{"reference_url":"https://huntr.com/bounties/00136195-11e0-4ad0-98d5-72db066e867f","reference_id":"00136195-11e0-4ad0-98d5-72db066e867f","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-20T17:51:10Z/"}],"url":"https://huntr.com/bounties/00136195-11e0-4ad0-98d5-72db066e867f"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353718","reference_id":"2353718","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353718"},{"reference_url":"https://github.com/advisories/GHSA-5vqr-wprc-cpp7","reference_id":"GHSA-5vqr-wprc-cpp7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5vqr-wprc-cpp7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86935?format=json","purl":"pkg:pypi/vllm@0.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11fx-q5je-ruah"},{"vulnerability":"VCID-13vf-fjdh-auft"},{"vulnerability":"VCID-34qx-sfdb-tbh6"},{"vulnerability":"VCID-3fw7-eqn1-rkax"},{"vulnerability":"VCID-7ncr-qr8a-fkdx"},{"vulnerability":"VCID-96gu-w535-dfan"},{"vulnerability":"VCID-am6k-xmjj-vfg7"},{"vulnerability":"VCID-aqfc-f15d-t7au"},{"vulnerability":"VCID-c8rj-5vkq-m3hm"},{"vulnerability":"VCID-free-2d58-zkcc"},{"vulnerability":"VCID-gw7f-usg9-pqf6"},{"vulnerability":"VCID-gwtv-bfhe-6yeq"},{"vulnerability":"VCID-jebn-qbde-hucm"},{"vulnerability":"VCID-k2s5-nvyn-sbcm"},{"vulnerability":"VCID-qcre
-r2c3-r3b1"},{"vulnerability":"VCID-rsg5-7nkg-9yhs"},{"vulnerability":"VCID-s9jr-c3uv-yqgb"},{"vulnerability":"VCID-ufp6-jyp8-8ua3"},{"vulnerability":"VCID-uhsj-xqts-mqfv"},{"vulnerability":"VCID-vqms-v3s3-gkg8"},{"vulnerability":"VCID-xq4r-415c-s3d5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.6.3"}],"aliases":["CVE-2024-11041","GHSA-5vqr-wprc-cpp7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8yzj-y5fx-73bd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/108753?format=json","vulnerability_id":"VCID-96gu-w535-dfan","summary":"vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. The outlines library is one of the backends used by vLLM to support structured output (a.k.a. guided decoding). Outlines provides an optional cache for its compiled grammars on the local filesystem. This cache has been on by default in vLLM. Outlines is also available by default through the OpenAI compatible API server. The affected code in vLLM is vllm/model_executor/guided_decoding/outlines_logits_processors.py, which unconditionally uses the cache from outlines. A malicious user can send a stream of very short decoding requests with unique schemas, resulting in an addition to the cache for each request. This can result in a Denial of Service if the filesystem runs out of space. Note that even if vLLM was configured to use a different backend by default, it is still possible to choose outlines on a per-request basis using the guided_decoding_backend key of the extra_body field of the request. 
This issue applies only to the V0 engine and is fixed in 0.8.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-29770.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-29770.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-29770","reference_id":"","reference_type":"","scores":[{"value":"0.00658","scoring_system":"epss","scoring_elements":"0.71542","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-29770"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-223.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-223.yaml"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-29770","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-29770"},{"reference_url":"https://github.com/vllm-project/vllm/pull/14837","reference_id":"14837","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1
","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T20:14:04Z/"}],"url":"https://github.com/vllm-project/vllm/pull/14837"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353368","reference_id":"2353368","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353368"},{"reference_url":"https://github.com/advisories/GHSA-mgrm-fgjv-mhv8","reference_id":"GHSA-mgrm-fgjv-mhv8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mgrm-fgjv-mhv8"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-mgrm-fgjv-mhv8","reference_id":"GHSA-mgrm-fgjv-mhv8","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T20:14:04Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-mgrm-fgjv-mhv8"},{"reference_url":"https://github.com/vllm-project/vllm/blob/53be4a863486d02bd96a59c674bbec23eec508f6/vllm/model_executor/guided_decoding/outlines_logits_processors.py","reference_id":"outlines_logits_processors.py","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T20:14:04Z/"}],"url":"https://github.com/vllm-project/vllm/blob/53be4a863486d02bd96a59c674bbec23eec508f6/vllm/model_executor/guided_decoding/outlines_logits_processors.py"}],"fixed_packages":[
{"url":"http://public2.vulnerablecode.io/api/packages/87066?format=json","purl":"pkg:pypi/vllm@0.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13vf-fjdh-auft"},{"vulnerability":"VCID-1hpy-jf1r-gkdb"},{"vulnerability":"VCID-2y7a-2pme-63ct"},{"vulnerability":"VCID-34qx-sfdb-tbh6"},{"vulnerability":"VCID-3fw7-eqn1-rkax"},{"vulnerability":"VCID-7ncr-qr8a-fkdx"},{"vulnerability":"VCID-8smp-5qe4-67ez"},{"vulnerability":"VCID-a6yw-hvfn-d7fd"},{"vulnerability":"VCID-am6k-xmjj-vfg7"},{"vulnerability":"VCID-aqfc-f15d-t7au"},{"vulnerability":"VCID-f2nx-ue5s-afc2"},{"vulnerability":"VCID-free-2d58-zkcc"},{"vulnerability":"VCID-g5xs-nywz-yyd1"},{"vulnerability":"VCID-gw7f-usg9-pqf6"},{"vulnerability":"VCID-gwtv-bfhe-6yeq"},{"vulnerability":"VCID-hx49-mkrg-9fd9"},{"vulnerability":"VCID-jebn-qbde-hucm"},{"vulnerability":"VCID-k2s5-nvyn-sbcm"},{"vulnerability":"VCID-qcre-r2c3-r3b1"},{"vulnerability":"VCID-s9jr-c3uv-yqgb"},{"vulnerability":"VCID-sau3-juet-8kdn"},{"vulnerability":"VCID-ufp6-jyp8-8ua3"},{"vulnerability":"VCID-uhsj-xqts-mqfv"},{"vulnerability":"VCID-vqms-v3s3-gkg8"},{"vulnerability":"VCID-vz3s-bpav-cuck"},{"vulnerability":"VCID-wtdh-z9fk-akh6"},{"vulnerability":"VCID-xq4r-415c-s3d5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.0"}],"aliases":["CVE-2025-29770","GHSA-mgrm-fgjv-mhv8","PYSEC-2025-223"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-96gu-w535-dfan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97309?format=json","vulnerability_id":"VCID-am6k-xmjj-vfg7","summary":"vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT (Time to First Token). 
These timing differences caused by matching chunks are significant enough to be recognized and exploited. This issue has been patched in version 0.9.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46570.json","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46570.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46570","reference_id":"","reference_type":"","scores":[{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39014","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46570"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-53.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-53.yaml"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-46570","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-46570"},{"reference_url":"https://github.com/vllm-project/vllm/pull/17045","reference_id":"17045",
"reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T18:04:57Z/"}],"url":"https://github.com/vllm-project/vllm/pull/17045"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369223","reference_id":"2369223","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369223"},{"reference_url":"https://github.com/vllm-project/vllm/commit/77073c77bc2006eb80ea6d5128f076f5e6c6f54f","reference_id":"77073c77bc2006eb80ea6d5128f076f5e6c6f54f","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T18:04:57Z/"}],"url":"https://github.com/vllm-project/vllm/commit/77073c77bc2006eb80ea6d5128f076f5e6c6f54f"},{"reference_url":"https://github.com/advisories/GHSA-4qjh-9fv9-r85r","reference_id":"GHSA-4qjh-9fv9-r85r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4qjh-9fv9-r85r"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-4qjh-9fv9-r85r","reference_id":"GHSA-4qjh-9fv9-r85r","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T18:04:57Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-4qjh-9fv9-r85r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87714?f
ormat=json","purl":"pkg:pypi/vllm@0.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13vf-fjdh-auft"},{"vulnerability":"VCID-34qx-sfdb-tbh6"},{"vulnerability":"VCID-3fw7-eqn1-rkax"},{"vulnerability":"VCID-aqfc-f15d-t7au"},{"vulnerability":"VCID-eqz9-e9m3-5uez"},{"vulnerability":"VCID-free-2d58-zkcc"},{"vulnerability":"VCID-gw7f-usg9-pqf6"},{"vulnerability":"VCID-gwtv-bfhe-6yeq"},{"vulnerability":"VCID-hx49-mkrg-9fd9"},{"vulnerability":"VCID-jebn-qbde-hucm"},{"vulnerability":"VCID-ufp6-jyp8-8ua3"},{"vulnerability":"VCID-uhsj-xqts-mqfv"},{"vulnerability":"VCID-wtdh-z9fk-akh6"},{"vulnerability":"VCID-xq4r-415c-s3d5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.9.0"}],"aliases":["CVE-2025-46570","GHSA-4qjh-9fv9-r85r","PYSEC-2025-53"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-am6k-xmjj-vfg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82719?format=json","vulnerability_id":"VCID-aqfc-f15d-t7au","summary":"vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.14.1, a Server-Side Request Forgery (SSRF) vulnerability exists in the `MediaConnector` class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods obtain and process media from URLs provided by users, using different Python parsing libraries when restricting the target host. These two parsing libraries have different interpretations of backslashes, which allows the host name restriction to be bypassed. This allows an attacker to coerce the vLLM server into making arbitrary requests to internal network resources. This vulnerability is particularly critical in containerized environments like `llm-d`, where a compromised vLLM pod could be used to scan the internal network, interact with other pods, and potentially cause denial of service or access sensitive data. 
For example, an attacker could make the vLLM pod send malicious requests to an internal `llm-d` management endpoint, leading to system instability by falsely reporting metrics like the KV cache state. Version 0.14.1 contains a patch for the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24779.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24779.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24779","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11655","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24779"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433624","reference_id":"2433624","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433624"},{"reference_url":"https://github.com/vllm-project/vllm/pull/32746","reference_id":"32746","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T21:10:30Z/"}],"url":"https://github.com/vllm-project/vllm/pull/32746"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24779","reference_id":"CVE-2026-24779","re
ference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24779"},{"reference_url":"https://github.com/vllm-project/vllm/commit/f46d576c54fb8aeec5fc70560e850bed38ef17d7","reference_id":"f46d576c54fb8aeec5fc70560e850bed38ef17d7","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T21:10:30Z/"}],"url":"https://github.com/vllm-project/vllm/commit/f46d576c54fb8aeec5fc70560e850bed38ef17d7"},{"reference_url":"https://github.com/advisories/GHSA-qh4c-xf7m-gxfc","reference_id":"GHSA-qh4c-xf7m-gxfc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qh4c-xf7m-gxfc"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc","reference_id":"GHSA-qh4c-xf7m-gxfc","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T21:10:30Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10184","reference_id":"RHSA-2026:10184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10184"},{"reference_url":"https://access.redhat.com/errata/RHSA-202
6:19712","reference_id":"RHSA-2026:19712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3782","reference_id":"RHSA-2026:3782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3782"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38314?format=json","purl":"pkg:pypi/vllm@0.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34qx-sfdb-tbh6"},{"vulnerability":"VCID-3fw7-eqn1-rkax"},{"vulnerability":"VCID-chgg-x8v7-fqdh"},{"vulnerability":"VCID-gw7f-usg9-pqf6"},{"vulnerability":"VCID-wtdh-z9fk-akh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.14.1"}],"aliases":["CVE-2026-24779","GHSA-qh4c-xf7m-gxfc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aqfc-f15d-t7au"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89223?format=json","vulnerability_id":"VCID-c8rj-5vkq-m3hm","summary":"vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-in hash() function. As of Python 3.12, the behavior of hash(None) has changed to be a predictable constant value. This makes it more feasible that someone could try to exploit hash collisions. 
The impact of a collision would be using cache that was generated using different content. Given knowledge of prompts in use and predictable hashing behavior, someone could intentionally populate the cache using a prompt known to collide with another prompt in use. This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25183.json","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25183.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25183","reference_id":"","reference_type":"","scores":[{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55798","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25183"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-62.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-62.yaml"},{"reference_url":"https://github.com/python/cpython/pull/99541","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python/cpython/pull/99541"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/
AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/commit/73b35cca7f3745d07d439c197768b25d88b6ab7f","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/commit/73b35cca7f3745d07d439c197768b25d88b6ab7f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-25183","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-25183"},{"reference_url":"https://github.com/vllm-project/vllm/pull/12621","reference_id":"12621","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T20:33:57Z/"}],"url":"https://github.com/vllm-project/vllm/pull/12621"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2344292","reference_id":"2344292","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2344292"},{"reference_url":"https://github.com/python/cpython/commit/432117cd1f59c76d97da2eaff55a7d758301dbc7","reference_id":"432117cd1f59c76d97da2eaff55a7d758301dbc7","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Trac
k","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T20:33:57Z/"}],"url":"https://github.com/python/cpython/commit/432117cd1f59c76d97da2eaff55a7d758301dbc7"},{"reference_url":"https://github.com/advisories/GHSA-rm76-4mrf-v9r8","reference_id":"GHSA-rm76-4mrf-v9r8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rm76-4mrf-v9r8"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-rm76-4mrf-v9r8","reference_id":"GHSA-rm76-4mrf-v9r8","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T20:33:57Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-rm76-4mrf-v9r8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86946?format=json","purl":"pkg:pypi/vllm@0.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11fx-q5je-ruah"},{"vulnerability":"VCID-13vf-fjdh-auft"},{"vulnerability":"VCID-2y7a-2pme-63ct"},{"vulnerability":"VCID-34qx-sfdb-tbh6"},{"vulnerability":"VCID-3fw7-eqn1-rkax"},{"vulnerability":"VCID-7ncr-qr8a-fkdx"},{"vulnerability":"VCID-8wkb-2cgt-kfgh"},{"vulnerability":"VCID-96gu-w535-dfan"},{"vulnerability":"VCID-a6yw-hvfn-d7fd"},{"vulnerability":"VCID-am6k-xmjj-vfg7"},{"vulnerability":"VCID-aqfc-f15d-t7au"},{"vulnerability":"VCID-free-2d58-zkcc"},{"vulnerability":"VCID-gw7f-usg9-pqf6"},{"vulnerability":"VCID-gwtv-bfhe-6yeq"},{"vulnerability":"VCID-hx49-mkrg-9fd9"},{"vulnerability":"VCID-jebn-qbde-hucm"},{"vulnerability":"VCID-k2s5-nvyn-sbcm"},{"vulnerability":"VCID-qcre-r2c3-r3b1"},{"vulnerability":"VCID-s9jr-c3uv-yqgb"},{"vulnerability":"VCID-sau3-juet-8kdn"},{"vulnerability":"VCID-ufp6-jyp8-8ua3"},{"vulnerability":"VCID-uhsj-xqts-mqfv"}
,{"vulnerability":"VCID-vqms-v3s3-gkg8"},{"vulnerability":"VCID-vz3s-bpav-cuck"},{"vulnerability":"VCID-wtdh-z9fk-akh6"},{"vulnerability":"VCID-xq4r-415c-s3d5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.7.2"}],"aliases":["CVE-2025-25183","GHSA-rm76-4mrf-v9r8","PYSEC-2025-62"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c8rj-5vkq-m3hm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/117984?format=json","vulnerability_id":"VCID-free-2d58-zkcc","summary":"vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.10.1.1, a Denial of Service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making it exploitable by any remote user. 
This vulnerability is fixed in 0.10.1.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48956.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48956.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48956","reference_id":"","reference_type":"","scores":[{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54236","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48956"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48956","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48956"},{"reference_url":"https://github.com/vllm-project/vllm/pull/23267","reference_id":"23267","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-21T15:01:51Z/"}],"url":"https://github.com/vllm-project/vllm/pull/23267"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372522","reference_id":"2372522","reference_type":"","scores":[],"url":"https:
//bugzilla.redhat.com/show_bug.cgi?id=2372522"},{"reference_url":"https://github.com/vllm-project/vllm/commit/d8b736f913a59117803d6701521d2e4861701944","reference_id":"d8b736f913a59117803d6701521d2e4861701944","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-21T15:01:51Z/"}],"url":"https://github.com/vllm-project/vllm/commit/d8b736f913a59117803d6701521d2e4861701944"},{"reference_url":"https://github.com/advisories/GHSA-rxc4-3w6r-4v47","reference_id":"GHSA-rxc4-3w6r-4v47","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rxc4-3w6r-4v47"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-rxc4-3w6r-4v47","reference_id":"GHSA-rxc4-3w6r-4v47","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-21T15:01:51Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-rxc4-3w6r-4v47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19421","reference_id":"RHSA-2025:19421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19422","reference_id":"RHSA-2025:19422","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19422"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19423","reference_id":"RHSA-2025:19423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19423"},{"reference_url":"https://access.redh
at.com/errata/RHSA-2025:19424","reference_id":"RHSA-2025:19424","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19424"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19425","reference_id":"RHSA-2025:19425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19425"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19426","reference_id":"RHSA-2025:19426","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19426"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19427","reference_id":"RHSA-2025:19427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19428","reference_id":"RHSA-2025:19428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19429","reference_id":"RHSA-2025:19429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19430","reference_id":"RHSA-2025:19430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19430"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24977","reference_id":"RHSA-2026:24977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3713","reference_id":"RHSA-2026:3713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3713"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89666?format=json","purl":"pkg:pypi/vllm@0.10.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13vf-fjdh-auft"},{"vulnerability":"VCID-34qx-sfdb-tbh6"},{"vulnerability":"VCID-3fw7-eqn1-rkax"},{"vulnerability":"VCID-aq
fc-f15d-t7au"},{"vulnerability":"VCID-bt14-866q-hyb3"},{"vulnerability":"VCID-chgg-x8v7-fqdh"},{"vulnerability":"VCID-eqz9-e9m3-5uez"},{"vulnerability":"VCID-gw7f-usg9-pqf6"},{"vulnerability":"VCID-gwtv-bfhe-6yeq"},{"vulnerability":"VCID-hx49-mkrg-9fd9"},{"vulnerability":"VCID-jebn-qbde-hucm"},{"vulnerability":"VCID-ufp6-jyp8-8ua3"},{"vulnerability":"VCID-uhsj-xqts-mqfv"},{"vulnerability":"VCID-wtdh-z9fk-akh6"},{"vulnerability":"VCID-xq4r-415c-s3d5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.10.1.1"}],"aliases":["CVE-2025-48956","GHSA-rxc4-3w6r-4v47"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-free-2d58-zkcc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67968?format=json","vulnerability_id":"VCID-gw7f-usg9-pqf6","summary":"vLLM is an inference and serving engine for large language models (LLMs). From 0.6.1 to before 0.20.0, there is a a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder sequences supplied without matching data cause vLLM to index into empty grids during input-position computation, raising an unhandled IndexError and terminating the worker or degrading availability. Multimodal paths that rely on image_grid_thw/video_grid_thw are affected. 
This vulnerability is fixed in 0.20.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44222","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02896","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44222"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44222","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44222"},{"reference_url":"https://github.com/vllm-project/vllm/issues/32656","reference_id":"32656","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T12:24:39Z/"}],"url":"https://github.com/vllm-project/vllm/issues/32656"},{"reference_url":"https://github.com/advisories/GHSA-hpv8-x276-m59f","reference_id":"GHSA-hpv8-x276-m59f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hpv8-x276-m59f"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-hpv8-x276-m59f","reference_id":"GHSA-hpv8-x276-m59f","reference_type":"","scores":[{"value":"6.5","scoring_sys
tem":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T12:24:39Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-hpv8-x276-m59f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93084?format=json","purl":"pkg:pypi/vllm@0.20.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.20.0"}],"aliases":["CVE-2026-44222","GHSA-hpv8-x276-m59f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gw7f-usg9-pqf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102185?format=json","vulnerability_id":"VCID-gwtv-bfhe-6yeq","summary":"vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape (e.g. hidden dimension is wrong), regardless of whether the model is intended to support such inputs (as defined in the Supported Models page). 
This issue has been patched in version 0.11.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62372.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62372.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62372","reference_id":"","reference_type":"","scores":[{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25348","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62372"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416280","reference_id":"2416280","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416280"},{"reference_url":"https://github.com/vllm-project/vllm/pull/27204","reference_id":"27204","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:07:55Z/"}],"url":"https://github.com/vllm-project/vllm/pull/27204"},{"reference_url":"https://github.com/vllm-project
/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b","reference_id":"58fab50d82838d5014f4a14d991fdb9352c9c84b","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:07:55Z/"}],"url":"https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"},{"reference_url":"https://github.com/vllm-project/vllm/pull/6613","reference_id":"6613","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:07:55Z/"}],"url":"https://github.com/vllm-project/vllm/pull/6613"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62372","reference_id":"CVE-2025-62372","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62372"},{"reference_url":"https://github.com/advisories/GHSA-pmqf-x6x8-p7qw","reference_id":"GHSA-pmqf-x6x8-p7qw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://githu
b.com/advisories/GHSA-pmqf-x6x8-p7qw"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw","reference_id":"GHSA-pmqf-x6x8-p7qw","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:07:55Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23204","reference_id":"RHSA-2025:23204","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23204"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23205","reference_id":"RHSA-2025:23205","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23205"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23209","reference_id":"RHSA-2025:23209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23209"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23449","reference_id":"RHSA-2025:23449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packag
es/35371?format=json","purl":"pkg:pypi/vllm@0.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34qx-sfdb-tbh6"},{"vulnerability":"VCID-3aq5-p58q-rkc1"},{"vulnerability":"VCID-3fw7-eqn1-rkax"},{"vulnerability":"VCID-aqfc-f15d-t7au"},{"vulnerability":"VCID-bt14-866q-hyb3"},{"vulnerability":"VCID-chgg-x8v7-fqdh"},{"vulnerability":"VCID-eqz9-e9m3-5uez"},{"vulnerability":"VCID-gw7f-usg9-pqf6"},{"vulnerability":"VCID-hx49-mkrg-9fd9"},{"vulnerability":"VCID-wtdh-z9fk-akh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.11.1"}],"aliases":["CVE-2025-62372","GHSA-pmqf-x6x8-p7qw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gwtv-bfhe-6yeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94790?format=json","vulnerability_id":"VCID-jebn-qbde-hucm","summary":"vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named Nemotron_Nano_VL_Config. When vllm loads a model config that contains an auto_map entry, the config class resolves that mapping with get_class_from_dynamic_module(...) and immediately instantiates the returned class. This fetches and executes Python from the remote repository referenced in the auto_map string. Crucially, this happens even when the caller explicitly sets trust_remote_code=False in vllm.transformers_utils.config.get_config. In practice, an attacker can publish a benign-looking frontend repo whose config.json points via auto_map to a separate malicious backend repo; loading the frontend will silently run the backend’s code on the victim host. 
This vulnerability is fixed in 0.11.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66448.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66448.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66448","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14237","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66448"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418152","reference_id":"2418152","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418152"},{"reference_url":"https://github.com/vllm-project/vllm/pull/28126","reference_id":"28126","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-02T14:14:49Z/"}],"url":"https://github.com/vllm-project/vllm/pull/28126"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66448","reference_id":"CVE-2025-66448","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""
}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66448"},{"reference_url":"https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86","reference_id":"ffb08379d8870a1a81ba82b72797f196838d0c86","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-02T14:14:49Z/"}],"url":"https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86"},{"reference_url":"https://github.com/advisories/GHSA-8fr4-5q9j-m8gm","reference_id":"GHSA-8fr4-5q9j-m8gm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8fr4-5q9j-m8gm"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm","reference_id":"GHSA-8fr4-5q9j-m8gm","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-02T14:14:49Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23078","reference_id":"RHSA-2025:23078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23079","reference_id":"RHSA-2025:23079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23080","referenc
e_id":"RHSA-2025:23080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23204","reference_id":"RHSA-2025:23204","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23204"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23205","reference_id":"RHSA-2025:23205","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23205"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23209","reference_id":"RHSA-2025:23209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23209"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23449","reference_id":"RHSA-2025:23449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19712","reference_id":"RHSA-2026:19712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3713","reference_id":"RHSA-2026:3713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3782","reference_id":"RHSA-2026:3782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3782"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35371?format=json","purl":"pkg:pypi/vllm@0.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vul
nerability":"VCID-34qx-sfdb-tbh6"},{"vulnerability":"VCID-3aq5-p58q-rkc1"},{"vulnerability":"VCID-3fw7-eqn1-rkax"},{"vulnerability":"VCID-aqfc-f15d-t7au"},{"vulnerability":"VCID-bt14-866q-hyb3"},{"vulnerability":"VCID-chgg-x8v7-fqdh"},{"vulnerability":"VCID-eqz9-e9m3-5uez"},{"vulnerability":"VCID-gw7f-usg9-pqf6"},{"vulnerability":"VCID-hx49-mkrg-9fd9"},{"vulnerability":"VCID-wtdh-z9fk-akh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.11.1"}],"aliases":["CVE-2025-66448","GHSA-8fr4-5q9j-m8gm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jebn-qbde-hucm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51246?format=json","vulnerability_id":"VCID-k2s5-nvyn-sbcm","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9052.json","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9052.json"},{"reference_url":"https://github.com/github/advisory-database/pull/5444","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/github/advisory-database/pull/5444"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/blob/32e7db25365415841ebc7c4215851743fbb1bad1/vllm/distributed/parallel_s
tate.py#L480","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/blob/32e7db25365415841ebc7c4215851743fbb1bad1/vllm/distributed/parallel_state.py#L480"},{"reference_url":"https://github.com/vllm-project/vllm/blob/v0.8.1/vllm/distributed/parallel_state.py#L457","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/blob/v0.8.1/vllm/distributed/parallel_state.py#L457"},{"reference_url":"https://huntr.com/bounties/ea75728f-4efe-4a3d-9f53-33f2c908e9f8","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.com/bounties/ea75728f-4efe-4a3d-9f53-33f2c908e9f8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-9052","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-9052"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353764","reference_id":"2353764","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353764"},{"reference_url":"https://github.com/advisories/GHSA-pgr7-mhp5-fgjp","reference_id":"GHSA-pgr7-mhp5-fgjp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pgr7-mhp5-fgjp"}],"fixed_packages":[],"aliases":["CVE
-2024-9052","GHSA-pgr7-mhp5-fgjp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k2s5-nvyn-sbcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218395?format=json","vulnerability_id":"VCID-rsg5-7nkg-9yhs","summary":"vLLM is a library for LLM inference and serving. vllm/model_executor/weight_utils.py implements hf_model_weights_iterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function and the weights_only parameter defaults to False. When torch.load loads malicious pickle data, it will execute arbitrary code during unpickling. This vulnerability is fixed in v0.7.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24357.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24357.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24357","reference_id":"","reference_type":"","scores":[{"value":"0.00665","scoring_system":"epss","scoring_elements":"0.71698","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24357"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-58.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-58.yaml"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I
:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/commit/d3d6bb13fb62da3234addf6574922a4ec0513d04","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/commit/d3d6bb13fb62da3234addf6574922a4ec0513d04"},{"reference_url":"https://github.com/vllm-project/vllm/pull/12366","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/pull/12366"},{"reference_url":"https://github.com/vllm-project/vllm/releases/tag/v0.7.0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/releases/tag/v0.7.0"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-rh4j-5rhw-hr54","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/secu
rity/advisories/GHSA-rh4j-5rhw-hr54"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24357","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2342304","reference_id":"2342304","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2342304"},{"reference_url":"https://github.com/advisories/GHSA-rh4j-5rhw-hr54","reference_id":"GHSA-rh4j-5rhw-hr54","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rh4j-5rhw-hr54"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86941?format=json","purl":"pkg:pypi/vllm@0.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11fx-q5je-ruah"},{"vulnerability":"VCID-13vf-fjdh-auft"},{"vulnerability":"VCID-2y7a-2pme-63ct"},{"vulnerability":"VCID-34qx-sfdb-tbh6"},{"vulnerability":"VCID-3fw7-eqn1-rkax"},{"vulnerability":"VCID-7ncr-qr8a-fkdx"},{"vulnerability":"VCID-8wkb-2cgt-kfgh"},{"vulnerability":"VCID-96gu-w535-dfan"},{"vulnerability":"VCID-a6yw-hvfn-d7fd"},{"vulnerability":"VCID-am6k-xmjj-vfg7"},{"vulnerability":"VCID-aqfc-f15d-t7au"},{"vulnerability":"VCID-c8rj-5vkq-m3hm"},{"vulnerability":"VCID-free-2d58-zkcc"},{"vulnerability":"VCID-gw7f-usg9-pqf6"},{"vulnerability":"VCID-gwtv-bfhe-6yeq"},{"vulnerability":"VCID-hx49-mkrg-9fd9"},{"vulnerability":"VCID-jebn-qbde-hucm"},{"vulnerability":"VCID-k2s5-nvyn-sbcm"},{"vulnerability":"VCID-qcre-r2c3-r3b1"},{"vulnerability":"VCID-s9jr-c3uv-yqgb"},{"vulnerability":"VCID-sau3-juet-8kdn"},{"vulnerability":"VCID-ufp6-jyp8-8ua3"},{"vulnerability":"VCID-uhsj-xqts-mqfv"},{"vulnerability":"VCID-vqms-v3s3-gkg8"},{"vulnerability":"VCID-vz3s-bpav-cuck"},{"vulnerability":"VCID-wtdh-z9fk-akh6"},{"vuln
erability":"VCID-xq4r-415c-s3d5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.7.0"}],"aliases":["CVE-2025-24357","GHSA-rh4j-5rhw-hr54","PYSEC-2025-58"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rsg5-7nkg-9yhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97164?format=json","vulnerability_id":"VCID-s9jr-c3uv-yqgb","summary":"vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its image hashing method. Currently, it serializes PIL.Image.Image objects using only obj.tobytes(), which returns only the raw pixel data, without including metadata such as the image’s shape (width, height, mode). As a result, two images of different sizes (e.g., 30x100 and 100x30) with the same pixel byte sequence could generate the same hash value. This may lead to hash collisions, incorrect cache hits, and even data leakage or security risks. 
This issue has been patched in version 0.9.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46722.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46722.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46722","reference_id":"","reference_type":"","scores":[{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.46108","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46722"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-43.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2025-43.yaml"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-46722","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-46722"},{"reference_url":"https://github.com/vllm-project/vllm/pull/17378","reference_id":"17378","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements"
:"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T18:12:29Z/"}],"url":"https://github.com/vllm-project/vllm/pull/17378"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369221","reference_id":"2369221","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369221"},{"reference_url":"https://github.com/vllm-project/vllm/commit/99404f53c72965b41558aceb1bc2380875f5d848","reference_id":"99404f53c72965b41558aceb1bc2380875f5d848","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T18:12:29Z/"}],"url":"https://github.com/vllm-project/vllm/commit/99404f53c72965b41558aceb1bc2380875f5d848"},{"reference_url":"https://github.com/advisories/GHSA-c65p-x677-fgj6","reference_id":"GHSA-c65p-x677-fgj6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c65p-x677-fgj6"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-c65p-x677-fgj6","reference_id":"GHSA-c65p-x677-fgj6","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T18:12:29Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-c65p-x677-fgj6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87714?format=json","purl":"pkg:pypi/vllm@0.9.0","is_vulnerable":true,"affected_by_v
ulnerabilities":[{"vulnerability":"VCID-13vf-fjdh-auft"},{"vulnerability":"VCID-34qx-sfdb-tbh6"},{"vulnerability":"VCID-3fw7-eqn1-rkax"},{"vulnerability":"VCID-aqfc-f15d-t7au"},{"vulnerability":"VCID-eqz9-e9m3-5uez"},{"vulnerability":"VCID-free-2d58-zkcc"},{"vulnerability":"VCID-gw7f-usg9-pqf6"},{"vulnerability":"VCID-gwtv-bfhe-6yeq"},{"vulnerability":"VCID-hx49-mkrg-9fd9"},{"vulnerability":"VCID-jebn-qbde-hucm"},{"vulnerability":"VCID-ufp6-jyp8-8ua3"},{"vulnerability":"VCID-uhsj-xqts-mqfv"},{"vulnerability":"VCID-wtdh-z9fk-akh6"},{"vulnerability":"VCID-xq4r-415c-s3d5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.9.0"}],"aliases":["CVE-2025-46722","GHSA-c65p-x677-fgj6","PYSEC-2025-43"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s9jr-c3uv-yqgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110612?format=json","vulnerability_id":"VCID-ufp6-jyp8-8ua3","summary":"A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods fetch and process media from user-provided URLs without adequate restrictions on the target hosts. 
This allows an attacker to coerce the vLLM server into making arbitrary requests to internal network resources.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6242.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6242.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6242","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16513","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6242"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/commit/9d9a2b77f19f68262d5e469c4e82c0f6365ad72d","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/commit/9d9a2b77f19f68262d5e469c4e82c0f6365ad72d"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3","reference_id":"cpe:/a:redhat:ai_inference_server:3","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_li
nux_ai:1","reference_id":"cpe:/a:redhat:enterprise_linux_ai:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux_ai:1"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-6242","reference_id":"CVE-2025-6242","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-07T19:55:28Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-6242"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6242","reference_id":"CVE-2025-6242","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6242"},{"reference_url":"https://github.com/advisories/GHSA-3f6c-7fw2-ppm4","reference_id":"GHSA-3f6c-7fw2-ppm4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3f6c-7fw2-ppm4"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-3f6c-7fw2-ppm4","reference_id":"GHSA-3f6c-7fw2-ppm4","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-3f6c-7fw2-ppm4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23078","reference_id":"RHSA-2025:23078","reference_type":"","scores":[],"url"
:"https://access.redhat.com/errata/RHSA-2025:23078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23079","reference_id":"RHSA-2025:23079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23080","reference_id":"RHSA-2025:23080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10184","reference_id":"RHSA-2026:10184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19712","reference_id":"RHSA-2026:19712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3713","reference_id":"RHSA-2026:3713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3713"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373716","reference_id":"show_bug.cgi?id=2373716","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-07T19:55:28Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373716"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34107?format=json","purl":"pkg:pypi/vl
lm@0.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34qx-sfdb-tbh6"},{"vulnerability":"VCID-3aq5-p58q-rkc1"},{"vulnerability":"VCID-3fw7-eqn1-rkax"},{"vulnerability":"VCID-aqfc-f15d-t7au"},{"vulnerability":"VCID-bt14-866q-hyb3"},{"vulnerability":"VCID-chgg-x8v7-fqdh"},{"vulnerability":"VCID-eqz9-e9m3-5uez"},{"vulnerability":"VCID-gw7f-usg9-pqf6"},{"vulnerability":"VCID-gwtv-bfhe-6yeq"},{"vulnerability":"VCID-hx49-mkrg-9fd9"},{"vulnerability":"VCID-jebn-qbde-hucm"},{"vulnerability":"VCID-wtdh-z9fk-akh6"},{"vulnerability":"VCID-xq4r-415c-s3d5"},{"vulnerability":"VCID-yj6x-r153-vkge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.11.0"}],"aliases":["CVE-2025-6242","GHSA-3f6c-7fw2-ppm4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ufp6-jyp8-8ua3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100740?format=json","vulnerability_id":"VCID-uhsj-xqts-mqfv","summary":"vLLM is an inference and serving engine for large language models (LLMs). Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more characters the provided API key gets correct. Data analysis across many attempts could allow an attacker to determine when it finds the next correct character in the key sequence. Deployments relying on vLLM's built-in API key validation are vulnerable to authentication bypass using this technique. 
Version 0.11.0rc2 fixes the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59425.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59425.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59425","reference_id":"","reference_type":"","scores":[{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53617","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59425"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2397234","reference_id":"2397234","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2397234"},{"reference_url":"https://github.com/vllm-project/vllm/blob/4b946d693e0af15740e9ca9c0e059d5f333b1083/vllm/entrypoints/openai/api_server.py#L1270-L1274","reference_id":"api_server.py#L1270-L1274","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T14:32:10Z/"}],"url":"https://github.com/vllm-project/vllm/blob/4b946d693e0af15740e9ca9c0e059d5f333b1083/vllm/entrypoints/openai/api_server.py#L1270-L1274"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59425","reference_id":"CVE-2025-59425","reference_type":"","score
s":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59425"},{"reference_url":"https://github.com/vllm-project/vllm/commit/ee10d7e6ff5875386c7f136ce8b5f525c8fcef48","reference_id":"ee10d7e6ff5875386c7f136ce8b5f525c8fcef48","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T14:32:10Z/"}],"url":"https://github.com/vllm-project/vllm/commit/ee10d7e6ff5875386c7f136ce8b5f525c8fcef48"},{"reference_url":"https://github.com/advisories/GHSA-wr9h-g72x-mwhm","reference_id":"GHSA-wr9h-g72x-mwhm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wr9h-g72x-mwhm"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-wr9h-g72x-mwhm","reference_id":"GHSA-wr9h-g72x-mwhm","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T14:32:10Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-wr9h-g72x-mwhm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23078","reference_id":"RHSA-2025:23078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23079","reference_id"
:"RHSA-2025:23079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23080","reference_id":"RHSA-2025:23080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3713","reference_id":"RHSA-2026:3713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3782","reference_id":"RHSA-2026:3782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3782"},{"reference_url":"https://github.com/vllm-project/vllm/releases/tag/v0.11.0","reference_id":"v0.11.0","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T14:32:10Z/"}],"url":"https://github.com/vllm-project/vllm/releases/tag/v0.11.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34107?format=json","purl":"pkg:pypi/vllm@0.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34qx-sfdb-tbh6"},{"vulnerability":"VCID-3aq5-p58q-rkc1"},{"vulnerability":"VCID-3fw7-eqn1-rkax"},{"vulnerability":"VCID-aqfc-f15d-t7au"},{"vulnerability":"VCID-bt14-866q-hyb3"},{"vulnerability":"VCID-chgg-x8v7-fqdh"},{"vulnerability":"VCID-eqz9-e9
m3-5uez"},{"vulnerability":"VCID-gw7f-usg9-pqf6"},{"vulnerability":"VCID-gwtv-bfhe-6yeq"},{"vulnerability":"VCID-hx49-mkrg-9fd9"},{"vulnerability":"VCID-jebn-qbde-hucm"},{"vulnerability":"VCID-wtdh-z9fk-akh6"},{"vulnerability":"VCID-xq4r-415c-s3d5"},{"vulnerability":"VCID-yj6x-r153-vkge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.11.0"}],"aliases":["CVE-2025-59425","GHSA-wr9h-g72x-mwhm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uhsj-xqts-mqfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89842?format=json","vulnerability_id":"VCID-vqms-v3s3-gkg8","summary":"vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and prior to 0.8.5 are vulnerable to denial of service and data exposure via ZeroMQ on multi-node vLLM deployment. In a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-node communication purposes. The primary vLLM host opens an XPUB ZeroMQ socket and binds it to ALL interfaces. While the socket is always opened for a multi-node deployment, it is only used when doing tensor parallelism across multiple hosts. Any client with network access to this host can connect to this XPUB socket unless its port is blocked by a firewall. Once connected, these arbitrary clients will receive all of the same data broadcasted to all of the secondary vLLM hosts. This data is internal vLLM state information that is not useful to an attacker. By potentially connecting to this socket many times and not reading data published to them, an attacker can also cause a denial of service by slowing down or potentially blocking the publisher. 
This issue has been patched in version 0.8.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30202.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30202.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30202","reference_id":"","reference_type":"","scores":[{"value":"0.00685","scoring_system":"epss","scoring_elements":"0.72167","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30202"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://github.com/vllm-project/vllm/pull/17197","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm/pull/17197"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30202","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30202"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355251","reference_id":"2355251","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355251"},{"reference_url":"https://github.com/vllm-project/vllm/pull/6183","refer
ence_id":"6183","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T13:16:29Z/"}],"url":"https://github.com/vllm-project/vllm/pull/6183"},{"reference_url":"https://github.com/vllm-project/vllm/commit/a0304dc504c85f421d38ef47c64f83046a13641c","reference_id":"a0304dc504c85f421d38ef47c64f83046a13641c","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T13:16:29Z/"}],"url":"https://github.com/vllm-project/vllm/commit/a0304dc504c85f421d38ef47c64f83046a13641c"},{"reference_url":"https://github.com/advisories/GHSA-9f8f-2vmf-885j","reference_id":"GHSA-9f8f-2vmf-885j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9f8f-2vmf-885j"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-9f8f-2vmf-885j","reference_id":"GHSA-9f8f-2vmf-885j","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T13:16:29Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-9f8f-2vmf-885j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87472?format=json","purl":"pkg:pypi/vllm@0.8.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13vf-fjdh-auft"},{"vulnerability":"VCID-1hpy-jf1r-gkdb"
},{"vulnerability":"VCID-34qx-sfdb-tbh6"},{"vulnerability":"VCID-3fw7-eqn1-rkax"},{"vulnerability":"VCID-7ncr-qr8a-fkdx"},{"vulnerability":"VCID-am6k-xmjj-vfg7"},{"vulnerability":"VCID-aqfc-f15d-t7au"},{"vulnerability":"VCID-eqz9-e9m3-5uez"},{"vulnerability":"VCID-f2nx-ue5s-afc2"},{"vulnerability":"VCID-free-2d58-zkcc"},{"vulnerability":"VCID-g5xs-nywz-yyd1"},{"vulnerability":"VCID-gw7f-usg9-pqf6"},{"vulnerability":"VCID-gwtv-bfhe-6yeq"},{"vulnerability":"VCID-hx49-mkrg-9fd9"},{"vulnerability":"VCID-jebn-qbde-hucm"},{"vulnerability":"VCID-qcre-r2c3-r3b1"},{"vulnerability":"VCID-s9jr-c3uv-yqgb"},{"vulnerability":"VCID-ufp6-jyp8-8ua3"},{"vulnerability":"VCID-uhsj-xqts-mqfv"},{"vulnerability":"VCID-vz3s-bpav-cuck"},{"vulnerability":"VCID-wtdh-z9fk-akh6"},{"vulnerability":"VCID-xq4r-415c-s3d5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.5"}],"aliases":["CVE-2025-30202","GHSA-9f8f-2vmf-885j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vqms-v3s3-gkg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102487?format=json","vulnerability_id":"VCID-xq4r-415c-s3d5","summary":"vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, the /v1/chat/completions and /tokenize endpoints allow a chat_template_kwargs request parameter that is used in the code before it is properly validated against the chat template. With the right chat_template_kwargs parameters, it is possible to block processing of the API server for long periods of time, delaying all other requests. 
This issue has been patched in version 0.11.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62426.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62426.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62426","reference_id":"","reference_type":"","scores":[{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25353","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62426"},{"reference_url":"https://github.com/vllm-project/vllm","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vllm-project/vllm"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416278","reference_id":"2416278","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416278"},{"reference_url":"https://github.com/vllm-project/vllm/pull/27205","reference_id":"27205","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:12:00Z/"}],"url":"https://github.com/vllm-project/vllm/pull/27205"},{"reference_url":"https://github.com/vllm-project/vllm/commit/3ada34f9cb4d1af763fdfa3b481862a93eb6bd2b","reference_id":"3ada34f9cb4d1af763fdfa3b481862a93eb6bd2b","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N
/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:12:00Z/"}],"url":"https://github.com/vllm-project/vllm/commit/3ada34f9cb4d1af763fdfa3b481862a93eb6bd2b"},{"reference_url":"https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/chat_utils.py#L1602-L1610","reference_id":"chat_utils.py#L1602-L1610","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:12:00Z/"}],"url":"https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/chat_utils.py#L1602-L1610"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62426","reference_id":"CVE-2025-62426","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62426"},{"reference_url":"https://github.com/advisories/GHSA-69j4-grxj-j64p","reference_id":"GHSA-69j4-grxj-j64p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-69j4-grxj-j64p"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-69j4-grxj-j64p","reference_id":"GHSA-69j4-grxj-j64p","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_
textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:12:00Z/"}],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-69j4-grxj-j64p"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"},{"reference_url":"https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/openai/serving_engine.py#L809-L814","reference_id":"serving_engine.py#L809-L814","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-24T17:12:00Z/"}],"url":"https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/openai/serving_engine.py#L809-L814"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35371?format=json","purl":"pkg:pypi/vllm@0.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34qx-sfdb-tbh6"},{"vulnerability":"VCID-3aq5-p58q-rkc1"},{"vulnerability":"VCID-3fw7-eqn1-rkax"},{"vulnerability":"VCID-aqfc-f15d-t7au"},{"vulnerability":"VCID-bt14-866q-hyb3"},{"vulnerability":"VCID-chgg-x8v7-fqdh"},{"vulnerability":"VCID-eqz9-e9m3-5uez"},{"vulnerability":"VCID-gw7f-usg9-pqf6"},{"vulnerability":"VCID-hx49-mkrg-9fd9"},{"vulnerability":"VCID-wtdh-z9fk-akh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.11.1"}],"aliases":["CVE-2025-62426","GHSA-69j4-grxj-j6
4p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xq4r-415c-s3d5"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.6.1.post2"}
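The CVE-2025-59425 record above (VCID-uhsj-xqts-mqfv) describes an API key check whose string comparison returns early at the first mismatching character, so the time per request grows with the length of the correct prefix. The following added example is not vLLM's code and not its patch (the page only links the commit); it models the leak with a comparison counter instead of a clock so the character-by-character recovery is deterministic and reproducible offline, then shows the standard fix, `hmac.compare_digest`. `DEMO_KEY`, `ALPHABET` and the assumption that the attacker already knows the key length are constructed for the example.

```python
import hmac
import string

# Constructed example key; nothing on the page discloses a real key.
DEMO_KEY = "s3cr3tk3y"
ALPHABET = string.ascii_lowercase + string.digits


def leaky_equals(provided: str, expected: str):
    """Early-exit comparison in the style of a plain `==` on strings.

    Returns (matched, comparisons) where `comparisons` is the number of byte
    comparisons made before the function gave up. The count stands in for the
    wall-clock time an attacker would measure over many requests: one more
    correct leading byte means one more comparison before the early exit.
    """
    a, b = provided.encode(), expected.encode()
    if len(a) != len(b):
        return False, 0
    comparisons = 0
    for x, y in zip(a, b):
        comparisons += 1
        if x != y:
            return False, comparisons
    return True, comparisons


def constant_time_equals(provided: str, expected: str) -> bool:
    """Hardened check: hmac.compare_digest takes time independent of where
    the first mismatch is, so the per-character oracle disappears."""
    return hmac.compare_digest(provided.encode(), expected.encode())


def recover_key(oracle, alphabet: str, key_len: int) -> str:
    """Simulated attacker that only sees the oracle's (matched, comparisons).

    For position i it tries every alphabet character after the recovered
    prefix, padding the rest of the guess with NUL bytes (assumed absent from
    the real key). The right character is the one that lets the comparison
    advance one byte further, or, at the last position, the one that matches.
    """
    recovered = ""
    for pos in range(key_len):
        best_char, best_score = None, -1
        for c in alphabet:
            guess = recovered + c + "\0" * (key_len - pos - 1)
            matched, comparisons = oracle(guess)
            score = comparisons + (1 if matched else 0)
            if score > best_score:
                best_char, best_score = c, score
        recovered += best_char
    return recovered


def demo_recovery() -> str:
    """Run the attacker against the leaky comparison; returns the recovered key."""
    return recover_key(lambda g: leaky_equals(g, DEMO_KEY), ALPHABET, len(DEMO_KEY))


if __name__ == "__main__":
    print("leaky oracle recovered:", demo_recovery())
    print("constant-time check accepts real key:", constant_time_equals(DEMO_KEY, DEMO_KEY))
```

Against the real server the attacker replaces the comparison counter with many timed requests per candidate character and averages out network jitter; the shape of the attack is the same. Note that `hmac.compare_digest` still leaks the length of the compared values, so keys should be fixed-length or the length difference handled separately.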
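The CVE-2025-46722 record (VCID-s9jr-c3uv-yqgb) explains that `MultiModalHasher` hashed only `PIL.Image.Image.tobytes()`, so two images with the same pixel bytes but different geometry (its example: 30x100 versus 100x30) produced the same cache key. The added example below is not vLLM's hasher or its 0.9.0 patch; it uses a small `FakeImage` stand-in for PIL so it runs without Pillow, SHA-256 in place of whatever digest the project uses, and a length-prefixed serialization chosen here to make the (mode, size, pixels) encoding unambiguous.

```python
import hashlib
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class FakeImage:
    """Minimal stand-in for PIL.Image.Image exposing the three attributes the
    hashing discussion cares about. Constructed for this example; not PIL."""
    mode: str        # e.g. "L" (8-bit grey) or "RGB"
    size: tuple      # (width, height)
    pixels: bytes    # raw pixel buffer, as PIL's tobytes() returns it

    def tobytes(self) -> bytes:
        return self.pixels


def hash_pixels_only(img) -> str:
    """Vulnerable scheme from the advisory: only the raw pixel buffer is hashed,
    so images with different geometry but identical bytes collide."""
    return hashlib.sha256(img.tobytes()).hexdigest()


def serialize_image(img) -> bytes:
    """Unambiguous encoding of mode, size and pixels.

    Every variable-length field is length-prefixed and the integers are
    fixed-width, so no two distinct (mode, size, pixels) triples produce the
    same byte string. Plain concatenation such as mode + str(w) + str(h) would
    not give that guarantee ("1"+"10" and "11"+"0" read the same).
    """
    mode = img.mode.encode("ascii")
    width, height = img.size
    pixels = img.tobytes()
    return (
        struct.pack(">I", len(mode)) + mode
        + struct.pack(">II", width, height)
        + struct.pack(">Q", len(pixels)) + pixels
    )


def hash_with_metadata(img) -> str:
    """Fixed scheme: geometry and mode are bound into the digest."""
    return hashlib.sha256(serialize_image(img)).hexdigest()


def make_collision_pair():
    """Two 8-bit greyscale images, 30x100 and 100x30, sharing one 3000-byte
    pixel buffer: the exact case the advisory describes (constructed data)."""
    pixels = bytes(i % 256 for i in range(30 * 100))
    return FakeImage("L", (30, 100), pixels), FakeImage("L", (100, 30), pixels)


if __name__ == "__main__":
    a, b = make_collision_pair()
    print("pixels-only hashes collide:", hash_pixels_only(a) == hash_pixels_only(b))
    print("metadata-bound hashes collide:", hash_with_metadata(a) == hash_with_metadata(b))
```

The same 3000-byte buffer also describes a valid 10x100 RGB image, which is why mode has to go into the digest alongside width and height: a cache keyed on pixel bytes alone can hand a request the wrong cached image, which is the "incorrect cache hits" outcome the record mentions.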
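The CVE-2025-6242 record (VCID-ufp6-jyp8-8ua3) says `MediaConnector.load_from_url` and `load_from_url_async` fetched user-supplied URLs with no restriction on the target host, letting a client steer the server at internal network resources. The page does not describe the fix, only links the commit, so the check below is an added illustration and not vLLM's patch. It assumes a deployment-specific hostname allowlist (`allowed_hosts`), restricts schemes to http(s), and refuses literal addresses in loopback, private, link-local, unspecified, multicast and reserved ranges, unwrapping IPv4-mapped IPv6 so `::ffff:127.0.0.1` is caught.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed policy for this example; a deployment picks its own.
ALLOWED_SCHEMES = frozenset({"http", "https"})


def _ip_is_internal(ip) -> bool:
    """True for addresses that must never be reachable through a user URL:
    loopback, RFC 1918 / ULA, link-local (cloud metadata sits at
    169.254.169.254), unspecified, multicast and reserved space. IPv4-mapped
    IPv6 is unwrapped so ::ffff:127.0.0.1 cannot slip past an IPv6-only check."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_unspecified or ip.is_multicast or ip.is_reserved)


def is_media_url_allowed(url: str, allowed_hosts) -> bool:
    """Decide whether a user-supplied media URL may be fetched.

    Policy: scheme must be http(s); a literal IP must not be internal; a
    hostname must be on the allowlist (exact match or subdomain). Anything
    unparseable or empty is rejected rather than raising.
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    host = parts.hostname  # lower-cased; IPv6 brackets already stripped
    if not host:
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        return not _ip_is_internal(ip)
    if host == "localhost" or host.endswith(".localhost"):
        return False
    return any(host == h or host.endswith("." + h) for h in allowed_hosts)


if __name__ == "__main__":
    allow = {"example.com"}
    for u in ("https://images.example.com/cat.png",
              "http://169.254.169.254/latest/meta-data/",
              "http://[::ffff:127.0.0.1]/x.png",
              "file:///etc/passwd"):
        print(u, "->", "allowed" if is_media_url_allowed(u, allow) else "blocked")
```

Two caveats a practitioner should not skip: a hostname that passes the allowlist still resolves at fetch time, so the resolved address has to be checked again at connect time (otherwise DNS rebinding defeats the filter), and every redirect target must go through the same check before it is followed. Non-dotted IPv4 spellings such as `http://2130706433/` are not parsed as addresses here; they simply fail the allowlist, which is the safe default.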