vllm vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-54233 | Medium | vllm: vLLM: OOM Denial of Service via Audio Decompression Bomb |
| CVE-2026-54236 | Medium | vllm: vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router |
| CVE-2026-53923 | Medium | vllm: vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving |
| CVE-2026-12491 | Medium | vllm: vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model… |
| CVE-2026-54235 | Medium | vllm: vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels |
| CVE-2026-48746 | Critical | vllm: vLLM: OpenAI auth bypass |
| CVE-2026-41523 | High | vllm: vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary… |
| CVE-2026-47155 | Medium | vllm: vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors |
| CVE-2026-9540 | Medium | vllm: vllm has Improper Resource Shutdown or Release |
| CVE-2026-44223 | Medium | vllm: vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty… |
| CVE-2026-44222 | Medium | vllm: vLLM Vulnerable to Remote DoS via Special-Token Placeholders |
| CVE-2026-7141 | Low | vllm: vLLM makes Use of Uninitialized Resource |
| CVE-2026-34755 | Medium | vllm: vLLM: Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing |
| CVE-2026-34753 | Medium | vllm: vLLM: Server-Side Request Forgery (SSRF) in `download_bytes_from_url` |
| CVE-2026-34756 | Medium | vllm: vLLM: Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server |
| CVE-2026-27893 | High | vllm: vLLM has Hardcoded Trust Override in Model Files Enables RCE Despite Explicit User Opt-Out |
| CVE-2026-25960 | Medium | vllm: vLLM has SSRF Protection Bypass |
| CVE-2026-22778 | Critical | vllm: vLLM has RCE In Video Processing |
| CVE-2026-24779 | High | vllm: vLLM vulnerable to Server-Side Request Forgery (SSRF) through MediaConnector |
| CVE-2026-22807 | High | vllm: vLLM affected by RCE via auto_map dynamic module loading during model initialization |
| CVE-2026-22773 | Medium | vllm: vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions |
| GHSA-MCMC-2M55-J8JJ | High | vllm: vLLM introduced enhanced protection for CVE-2025-62164 |
| CVE-2025-66448 | High | vllm: vLLM vulnerable to remote code execution via transformers_utils/get_config |
| CVE-2025-62426 | Medium | vllm: vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted… |
| CVE-2025-62372 | High | vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs |
