{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37076?format=json","vulnerability_id":"VCID-qake-z4ec-wkdu","summary":"vLLM is an inference and serving engine for large language models (LLMs). In versions 0.8.0 up to but excluding 0.9.0, hitting the  /v1/completions API with a invalid json_schema as a Guided Param kills the vllm server. This vulnerability is similar GHSA-9hcf-v7m4-6m2j/CVE-2025-48943, but for regex instead of a JSON schema. Version 0.9.0 fixes the issue.","aliases":[{"alias":"CVE-2025-48942"},{"alias":"GHSA-6qc9-v4r8-22xg"},{"alias":"PYSEC-2025-54"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45283?format=json","purl":"pkg:pypi/vllm@0.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.9.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44634?format=json","purl":"pkg:pypi/vllm@0.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ec1-1h6d-tuaq"},{"vulnerability":"VCID-e8w2-9rwg-u7ba"},{"vulnerability":"VCID-fxgs-s1vm-8bez"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-qake-z4ec-wkdu"},{"vulnerability":"VCID-svzy-7pke-2bdr"},{"vulnerability":"VCID-ugds-eqgw-fbbz"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:pypi/vllm@0.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ec1-1h6d-tuaq"},{"vulnerability":"VCID-e8w2-9rwg-u7ba"},{"vulnerability":"VCID-fxgs-s1vm-8bez"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-qake-z4ec-wkdu"},{"vulnerability":"VCID-svzy-7pke-2bdr"},{"vulnerability":"VCID-ugds-eqgw-fbbz"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/45030?format=json","purl":"pkg:pypi/vllm@0.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ec1-1h6d-tuaq"},{"vulnerability":"VCID-e8w2-9rwg-u7ba"},{"vulnerability":"VCID-fxgs-s1vm-8bez"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-qake-z4ec-wkdu"},{"vulnerability":"VCID-svzy-7pke-2bdr"},{"vulnerability":"VCID-ugds-eqgw-fbbz"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/45031?format=json","purl":"pkg:pypi/vllm@0.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ec1-1h6d-tuaq"},{"vulnerability":"VCID-e8w2-9rwg-u7ba"},{"vulnerability":"VCID-fxgs-s1vm-8bez"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-q8jt-32dy-w7cp"},{"vulnerability":"VCID-qake-z4ec-wkdu"},{"vulnerability":"VCID-svzy-7pke-2bdr"},{"vulnerability":"VCID-ugds-eqgw-fbbz"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.3"},{"url":"http://public2.vulnerablecode.io/api/packages/45032?format=json","purl":"pkg:pypi/vllm@0.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ec1-1h6d-tuaq"},{"vulnerability":"VCID-e8w2-9rwg-u7ba"},{"vulnerability":"VCID-fxgs-s1vm-8bez"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-qake-z4ec-wkdu"},{"vulnerability":"VCID-svzy-7pke-2bdr"},{"vulnerability":"VCID-ugds-eqgw-fbbz"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/45033?format=json","purl":"pkg:pypi/vllm@0.8.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ec1-1h6d-tuaq"},{"vulnerability":"VCID-e8w2-9rwg-u7ba"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-qake-z4ec-wkdu"},{"vulnerability":"VCID-svzy-7pke-2bdr"},{"vulnerability":"VCID-ugds-eqgw-fbbz"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.5"},{"url":"http://public2.vulnerablecode.io/api/packages/45282?format=json","purl":"pkg:pypi/vllm@0.8.5.post1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ec1-1h6d-tuaq"},{"vulnerability":"VCID-e8w2-9rwg-u7ba"},{"vulnerability":"VCID-nctw-rz8h-f3af"},{"vulnerability":"VCID-qake-z4ec-wkdu"},{"vulnerability":"VCID-svzy-7pke-2bdr"},{"vulnerability":"VCID-ugds-eqgw-fbbz"},{"vulnerability":"VCID-za3a-c9m1-jqgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/vllm@0.8.5.post1"}],"references":[{"reference_url":"https://github.com/vllm-project/vllm/commit/08bf7840780980c7568c573c70a6a8db94fd45ff","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/vllm-project/vllm/commit/08bf7840780980c7568c573c70a6a8db94fd45ff"},{"reference_url":"https://github.com/vllm-project/vllm/issues/17248","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/vllm-project/vllm/issues/17248"},{"reference_url":"https://github.com/vllm-project/vllm/pull/17623","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/vllm-project/vllm/pull/17623"},{"reference_url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-6qc9-v4r8-22xg","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-6qc9-v4r8-22xg"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qake-z4ec-wkdu"}