vllm vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2025-62164 | High | vllm: vLLM deserialization vulnerability leading to DoS and potential RCE |
| CVE-2025-6242 | High | vllm: vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class |
| CVE-2025-61620 | Medium | vllm: vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server |
| CVE-2025-59425 | High | vllm: vLLM is vulnerable to timing attack at bearer auth |
| CVE-2025-9141 | High | vllm: vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder |
| CVE-2025-48956 | High | vllm: vllm API endpoints vulnerable to Denial of Service Attacks |
| CVE-2025-48944 | Medium | vllm: vLLM Tool Schema allows DoS via Malformed pattern and type Fields |
| CVE-2025-48943 | Medium | vllm: vLLM allows clients to crash the openai server with invalid regex |
| CVE-2025-48942 | Medium | vllm: vLLM DOS: Remotely kill vllm over http with invalid JSON schema |
| CVE-2025-46722 | Medium | vllm: vLLM has a Weakness in MultiModalHasher Image Hashing Implementation |
| CVE-2025-46570 | Low | vllm: Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching |
| GHSA-J828-28RJ-HFHP | Medium | vllm: vLLM vulnerable to Regular Expression Denial of Service |
| CVE-2025-48887 | Medium | vllm: vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in… |
| CVE-2025-47277 | Critical | vllm: vLLM Allows Remote Code Execution via PyNcclPipe Communication Service |
| CVE-2025-30165 | High | vllm: Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration |
| CVE-2025-46560 | Medium | vllm: phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service |
| CVE-2025-32444 | Critical | vllm: vLLM Vulnerable to Remote Code Execution via Mooncake Integration |
| CVE-2025-30202 | High | vllm: Data exposure via ZeroMQ on multi-node vLLM deployment |
| GHSA-GGPF-24JW-3FCW | Critical | vllm: CVE-2025-24357 Malicious model remote code execution fix bypass with PyTorch < 2.6.0 |
| GHSA-HF3C-WXG2-49Q9 | Medium | vllm: vLLM vulnerable to Denial of Service by abusing xgrammar cache |
| CVE-2024-9053 | Critical | vllm: vLLM allows Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC server… |
| CVE-2024-9052 | Critical | vllm: vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object |
| CVE-2024-11041 | Critical | vllm: vLLM Deserialization of Untrusted Data vulnerability |
| CVE-2025-29783 | Critical | vllm: vLLM Allows Remote Code Execution via Mooncake Integration |
| CVE-2025-29770 | Medium | vllm: vLLM denial of service via outlines unbounded cache on disk |
