CRITICAL 10.0 CVE-2025-32444 vLLM Vulnerable to Remote Code Execution via Mooncake Integration
from 0, < a5450f11c95847cf51a17207af9a3ca5ab569b2c | >= 0.6.5, < 0.8.5
CRITICAL 10.0 CVE-2025-32444 vLLM Vulnerable to Remote Code Execution via Mooncake Integration
>= 0.6.5, < 0.8.5
CRITICAL 9.8 vLLM has RCE In Video Processing
>= 0.8.3, < 0.14.1
CRITICAL 9.8 vLLM Allows Remote Code Execution via PyNcclPipe Communication Service
>= 0.6.5, < 0.8.5
CRITICAL 9.8 vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object
from 0, <= 0.8.1
CRITICAL 9.8 vLLM allows Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC server entrypoints
from 0, <= 0.6.0
CRITICAL 9.8 vLLM Deserialization of Untrusted Data vulnerability
from 0, <= 0.6.2
CRITICAL 9.0 vLLM Allows Remote Code Execution via Mooncake Integration
from 0, < 288ca110f68d23909728627d3100e5a8db820aa2 | >= 0.6.5, < 0.8.0
CRITICAL 9.0 vLLM Allows Remote Code Execution via Mooncake Integration
>= 0.6.5, < 0.8.0
HIGH 8.8 vLLM has Hardcoded Trust Override in Model Files Enables RCE Despite Explicit User Opt-Out
>= 0.10.1, < 0.18.0
HIGH 8.8 vLLM affected by RCE via auto_map dynamic module loading during model initialization
>= 0.10.1, < 0.14.0
HIGH 8.8 vLLM deserialization vulnerability leading to DoS and potential RCE
>= 0.10.2, < 0.11.1
HIGH 8.8 vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder
>= 0.10.0, < 0.10.1.1
HIGH 8.0 Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration
>= 0.5.2, < 0.10.0
HIGH 7.5 vLLM is vulnerable to timing attack at bearer auth
from 0, < 0.11.0
HIGH 7.5 vllm API endpoints vulnerable to Denial of Service Attacks
>= 0.1.0, < 0.10.1.1
HIGH 7.5 Data exposure via ZeroMQ on multi-node vLLM deployment
>= 0.5.2, < 0.8.5
HIGH 7.5 vllm: Malicious model to RCE by torch.load in hf_model_weights_iterator
from 0, < 0.7.0
HIGH 7.5 vllm: Malicious model to RCE by torch.load in hf_model_weights_iterator
from 0, < d3d6bb13fb62da3234addf6574922a4ec0513d04 | from 0, < 0.7.0
HIGH 7.5 vLLM denial of service vulnerability
from 0, < 0.5.5
HIGH 7.1 vLLM vulnerable to Server-Side Request Forgery (SSRF) through MediaConnector
from 0, < 0.14.1
HIGH 7.1 vLLM vulnerable to remote code execution via transformers_utils/get_config
from 0, < 0.11.1
HIGH 7.1 vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class
>= 0.5.0, < 0.11.0
MEDIUM 6.5 vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors
from 0, < 0.22.0
MEDIUM 6.5 vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters
>= 0.18.0, < 0.20.0
MEDIUM 6.5 vLLM Vulnerable to Remote DoS via Special-Token Placeholders
>= 0.6.1, < 0.20.0
MEDIUM 6.5 vLLM: Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing
>= 0.7.0, < 0.19.0
MEDIUM 6.5 vLLM: Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server
>= 0.1.0, < 0.19.0
MEDIUM 6.5 vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions
>= 0.6.4, < 0.12.0
MEDIUM 6.5 vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`
>= 0.5.5, < 0.11.1
MEDIUM 6.5 vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs
>= 0.5.5, < 0.11.1
MEDIUM 6.5 vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server
>= 0.5.1, < 0.11.0
MEDIUM 6.5 vLLM Tool Schema allows DoS via Malformed pattern and type Fields
>= 0.8.0, < 0.9.0
MEDIUM 6.5 vLLM allows clients to crash the openai server with invalid regex
>= 0.8.0, < 0.9.0
MEDIUM 6.5 vLLM allows clients to crash the openai server with invalid regex
from 0, < 08bf7840780980c7568c573c70a6a8db94fd45ff | >= 0.8.0, < 0.9.0
MEDIUM 6.5 vLLM DOS: Remotely kill vllm over http with invalid JSON schema
>= 0.8.0, < 0.9.0
MEDIUM 6.5 vLLM DOS: Remotely kill vllm over http with invalid JSON schema
from 0, < 08bf7840780980c7568c573c70a6a8db94fd45ff | >= 0.8.0, < 0.9.0
MEDIUM 6.5 vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py`
from 0, < 4fc1bf813ad80172c1db31264beaef7d93fe0601 | >= 0.6.4, < 0.9.0
MEDIUM 6.5 vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py`
>= 0.6.4, < 0.9.0
MEDIUM 6.5 phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service
>= 0.8.0, < 0.8.5
MEDIUM 6.5 vLLM denial of service via outlines unbounded cache on disk
from 0, < 0.8.0
MEDIUM 6.2 vLLM Denial of Service via the best_of parameter
from 0, <= 0.5.0.post1
MEDIUM 5.6 vLLM makes Use of Uninitialized Resource
from 0, < 0.19.1
MEDIUM 5.4 vLLM: Server-Side Request Forgery (SSRF) in `download_bytes_from_url`
>= 0.16.0, < 0.19.0
MEDIUM 5.4 vLLM has SSRF Protection Bypass
>= 0.15.1, < 0.17.0
MEDIUM 4.2 vLLM has a Weakness in MultiModalHasher Image Hashing Implementation
>= 0.7.0, < 0.9.0
MEDIUM 4.2 vLLM has a Weakness in MultiModalHasher Image Hashing Implementation
from 0, < 99404f53c72965b41558aceb1bc2380875f5d848 | from 0, < 0.9.0
LOW 2.6 Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching
from 0, < 0.9.0
LOW 2.6 Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching
from 0, < 77073c77bc2006eb80ea6d5128f076f5e6c6f54f | from 0, < 0.9.0
LOW 2.6 vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache
from 0, < 432117cd1f59c76d97da2eaff55a7d758301dbc7 | from 0, < 0.7.2
LOW 2.6 vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache
from 0, < 0.7.2