vllm-project — Vulnerabilities & Security Advisories 33

Browse all 33 CVE security advisories affecting vllm-project. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by vllm-project: vllm, vllm-project/vllm

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-34756 | vLLM Affected by Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server | vllm | CWE-770 | 6.5 | Medium | 2026-04-06 |
| CVE-2026-34755 | vLLM Affected by Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing | vllm | CWE-770 | 6.5 | Medium | 2026-04-06 |
| CVE-2026-34753 | vLLM affected by Server-Side Request Forgery (SSRF) in `download_bytes_from_url` | vllm | CWE-918 | 5.4 | Medium | 2026-04-06 |
| CVE-2026-34760 | vLLM: Downmix Implementation Differences as Attack Vectors Against Audio AI Models | vllm | CWE-20 | 5.9 | Medium | 2026-04-02 |
| CVE-2026-27893 | vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out | vllm | CWE-693 | 8.8 | High | 2026-03-26 |
| CVE-2026-25960 | SSRF Protection Bypass in vLLM | vllm | CWE-918 | 7.1 | High | 2026-03-09 |
| CVE-2026-22778 | vLLM leaks a heap address when PIL throws an error | vllm | CWE-532 | 9.8 | Critical | 2026-02-02 |
| CVE-2026-24779 | vLLM vulnerable to Server-Side Request Forgery (SSRF) in `MediaConnector` | vllm | CWE-918 | 7.1 | High | 2026-01-27 |
| CVE-2026-22807 | vLLM affected by RCE via auto_map dynamic module loading during model initialization | vllm | CWE-94 | 8.8 | High | 2026-01-21 |
| CVE-2026-22773 | vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions | vllm | CWE-770 | 6.5 | Medium | 2026-01-10 |
| CVE-2025-66448 | vLLM vulnerable to remote code execution via transformers_utils/get_config | vllm | CWE-94 | 7.1 | High | 2025-12-01 |
| CVE-2025-62372 | vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs | vllm | CWE-129 | 7.5 | - | 2025-11-21 |
| CVE-2025-62426 | vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs` | vllm | CWE-770 | 6.5 | Medium | 2025-11-21 |
| CVE-2025-62164 | VLLM deserialization vulnerability leading to DoS and potential RCE | vllm | CWE-20 | 8.8 | High | 2025-11-21 |
| CVE-2025-59425 | vLLM vulnerable to timing attack at bearer auth | vllm | CWE-385 | 7.5 | High | 2025-10-07 |
| CVE-2025-48956 | vLLM API endpoints vulnerable to Denial of Service Attacks | vllm | CWE-400 | 7.5 | High | 2025-08-21 |
| CVE-2025-48944 | vLLM Tool Schema allows DoS via Malformed pattern and type Fields | vllm | CWE-20 | 6.5 | Medium | 2025-05-30 |
| CVE-2025-48943 | vLLM allows clients to crash the openai server with invalid regex | vllm | CWE-248 | 6.5 | Medium | 2025-05-30 |
| CVE-2025-48942 | vLLM DOS: Remotely kill vllm over http with invalid JSON schema | vllm | CWE-248 | 6.5 | Medium | 2025-05-30 |
| CVE-2025-48887 | vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py` | vllm | CWE-1333 | 6.5 | Medium | 2025-05-30 |
| CVE-2025-46722 | vLLM has a Weakness in MultiModalHasher Image Hashing Implementation | vllm | CWE-1288 | 4.2 | Medium | 2025-05-29 |
| CVE-2025-46570 | vLLM’s Chunk-Based Prefix Caching Vulnerable to Potential Timing Side-Channel | vllm | CWE-208 | 2.6 | Low | 2025-05-29 |
| CVE-2025-47277 | vLLM Allows Remote Code Execution via PyNcclPipe Communication Service | vllm | CWE-502 | 9.8 | Critical | 2025-05-20 |
| CVE-2025-30165 | Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration | vllm | CWE-502 | 8.0 | High | 2025-05-06 |
| CVE-2025-32444 | vLLM Vulnerable to Remote Code Execution via Mooncake Integration | vllm | CWE-502 | 10.0 | Critical | 2025-04-30 |
| CVE-2025-46560 | vLLM phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service | vllm | CWE-1333 | 6.5 | Medium | 2025-04-30 |
| CVE-2025-30202 | Data exposure via ZeroMQ on multi-node vLLM deployment | vllm | CWE-770 | 7.5 | High | 2025-04-30 |
| CVE-2024-11041 | Remote Code Execution in vllm-project/vllm | vllm-project/vllm | CWE-502 | 9.8 | - | 2025-03-20 |
| CVE-2024-9053 | Remote Code Execution in vllm-project/vllm | vllm-project/vllm | CWE-502 | 9.8 | - | 2025-03-20 |
| CVE-2025-29783 | vLLM Allows Remote Code Execution via Mooncake Integration | vllm | CWE-502 | 9.1 | Critical | 2025-03-19 |

This page lists every published CVE security advisory associated with vllm-project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.