| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-34756 | vLLM Affected by Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server | vllm-project | vllm | Medium | 6.5 | 2026-04-06 15:40:03 | Deep Dive |
| CVE-2026-34755 | vLLM Affected by Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing | vllm-project | vllm | Medium | 6.5 | 2026-04-06 15:38:53 | Deep Dive |
| CVE-2026-34753 | vLLM affected by Server-Side Request Forgery (SSRF) in `download_bytes_from_url` | vllm-project | vllm | Medium | 5.4 | 2026-04-06 15:36:53 | Deep Dive |
| CVE-2026-34760 | vLLM: Downmix Implementation Differences as Attack Vectors Against Audio AI Models | vllm-project | vllm | Medium | 5.9 | 2026-04-02 18:59:50 | Deep Dive |
| CVE-2026-27893 | vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out | vllm-project | vllm | High | 8.8 | 2026-03-26 23:56:54 | Deep Dive |
| CVE-2026-25960 | SSRF Protection Bypass in vLLM | vllm-project | vllm | High | 7.1 | 2026-03-09 21:01:02 | Deep Dive |
| CVE-2026-22778 | vLLM leaks a heap address when PIL throws an error | vllm-project | vllm | Critical | 9.8 | 2026-02-02 21:09:53 | Deep Dive |
| CVE-2026-24779 | vLLM vulnerable to Server-Side Request Forgery (SSRF) in `MediaConnector` | vllm-project | vllm | High | 7.1 | 2026-01-27 22:01:14 | Deep Dive |
| CVE-2026-22807 | vLLM affected by RCE via auto_map dynamic module loading during model initialization | vllm-project | vllm | High | 8.8 | 2026-01-21 21:13:12 | Deep Dive |
| CVE-2026-22773 | vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions | vllm-project | vllm | Medium | 6.5 | 2026-01-10 06:39:02 | Deep Dive |
| CVE-2025-66448 | vLLM vulnerable to remote code execution via transformers_utils/get_config | vllm-project | vllm | High | 7.1 | 2025-12-01 22:45:43 | Deep Dive |
| CVE-2025-62372 | vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs | vllm-project | vllm | Medium | - | 2025-11-21 01:22:37 | Deep Dive |
| CVE-2025-62426 | vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs` | vllm-project | vllm | Medium | 6.5 | 2025-11-21 01:21:30 | Deep Dive |
| CVE-2025-62164 | VLLM deserialization vulnerability leading to DoS and potential RCE | vllm-project | vllm | High | 8.8 | 2025-11-21 01:18:39 | Deep Dive |
| CVE-2025-59425 | vLLM vulnerable to timing attack at bearer auth | vllm-project | vllm | High | 7.5 | 2025-10-07 14:06:49 | Deep Dive |
| CVE-2025-48956 | vLLM API endpoints vulnerable to Denial of Service Attacks | vllm-project | vllm | High | 7.5 | 2025-08-21 14:41:04 | Deep Dive |
| CVE-2025-48944 | vLLM Tool Schema allows DoS via Malformed pattern and type Fields | vllm-project | vllm | Medium | 6.5 | 2025-05-30 18:38:46 | Deep Dive |
| CVE-2025-48943 | vLLM allows clients to crash the openai server with invalid regex | vllm-project | vllm | Medium | 6.5 | 2025-05-30 18:36:02 | Deep Dive |
| CVE-2025-48942 | vLLM DOS: Remotely kill vllm over http with invalid JSON schema | vllm-project | vllm | Medium | 6.5 | 2025-05-30 18:33:40 | Deep Dive |
| CVE-2025-48887 | vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py` | vllm-project | vllm | Medium | 6.5 | 2025-05-30 17:36:17 | Deep Dive |