CRITICAL 9.8 PyPI
GHSA-cj47-qj6g-x7r4 · CVE-2024-9053, PYSEC-2025-222 vLLM allows Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC server entrypoints
수정: 2026. 6. 8.
package
PyPI / vllm
pkg:pypi/vllm
CRITICAL 9.8 PyPI
GHSA-ggpf-24jw-3fcw CVE-2025-24357 Malicious model remote code execution fix bypass with PyTorch < 2.6.0
수정: 2026. 2. 4.
MEDIUM 6.5 PyPI
GHSA-grg2-63fw-f2qr · CVE-2026-22773, PYSEC-2026-143 vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions
수정: 2026. 6. 8.
MEDIUM 6.5 PyPI
GHSA-hf3c-wxg2-49q9 vLLM vulnerable to Denial of Service by abusing xgrammar cache
수정: 2025. 4. 15.
CRITICAL 10.0 PyPI
GHSA-hj4w-hm2g-p6w5 · CVE-2025-32444, PYSEC-2025-42 vLLM Vulnerable to Remote Code Execution via Mooncake Integration
수정: 2026. 2. 4.
CRITICAL 9.8 PyPI
GHSA-hjq4-87xh-g4fv · CVE-2025-47277 vLLM Allows Remote Code Execution via PyNcclPipe Communication Service
수정: 2026. 2. 4.
MEDIUM 6.5 PyPI
GHSA-hpv8-x276-m59f · CVE-2026-44222 vLLM Vulnerable to Remote DoS via Special-Token Placeholders
수정: 2026. 6. 1.
MEDIUM 4.3 PyPI
GHSA-j828-28rj-hfhp vLLM vulnerable to Regular Expression Denial of Service
수정: 2026. 2. 4.
HIGH 8.8 PyPI
GHSA-mcmc-2m55-j8jj vLLM introduced enhanced protection for CVE-2025-62164
수정: 2026. 2. 3.
MEDIUM 6.5 PyPI
GHSA-mgrm-fgjv-mhv8 · CVE-2025-29770, PYSEC-2025-223 vLLM denial of service via outlines unbounded cache on disk
수정: 2026. 6. 8.
HIGH 8.8 PyPI
GHSA-mrw7-hf4f-83pf · CVE-2025-62164 vLLM deserialization vulnerability leading to DoS and potential RCE
수정: 2026. 2. 4.
MEDIUM 5.4 PyPI
GHSA-pf3h-qjgv-vcpr · CVE-2026-34753 vLLM: Server-Side Request Forgery (SSRF) in `download_bytes_from_url `
수정: 2026. 4. 10.
CRITICAL 9.8 PyPI
GHSA-pgr7-mhp5-fgjp · CVE-2024-9052 vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object
수정: 2026. 2. 4.
MEDIUM 6.5 PyPI
GHSA-pmqf-x6x8-p7qw · CVE-2025-62372 vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs
수정: 2026. 2. 4.
MEDIUM 6.5 PyPI
GHSA-pq5c-rjhq-qp7p · CVE-2026-34755, PYSEC-2026-144 vLLM: Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing
수정: 2026. 6. 8.
HIGH 7.1 PyPI
GHSA-qh4c-xf7m-gxfc · CVE-2026-24779 vLLM vulnerable to Server-Side Request Forgery (SSRF) through MediaConnector
수정: 2026. 3. 27.
HIGH 7.5 PyPI
GHSA-rh4j-5rhw-hr54 · CVE-2025-24357, PYSEC-2025-58 vllm: Malicious model to RCE by torch.load in hf_model_weights_iterator
수정: 2026. 2. 4.
LOW 2.6 PyPI
GHSA-rm76-4mrf-v9r8 · CVE-2025-25183, PYSEC-2025-62 vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache
수정: 2026. 2. 4.
HIGH 7.5 PyPI
GHSA-rxc4-3w6r-4v47 · CVE-2025-48956 vllm API endpoints vulnerable to Denial of Service Attacks
수정: 2026. 2. 4.
MEDIUM 5.4 PyPI
GHSA-v359-jj2v-j536 · CVE-2026-25960 vLLM has SSRF Protection Bypass
수정: 2026. 3. 16.
MEDIUM 6.5 PyPI
GHSA-vc6m-hm49-g9qg · CVE-2025-46560 phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service
수정: 2026. 2. 4.
MEDIUM 6.5 PyPI
GHSA-vrq3-r879-7m65 · CVE-2025-48944 vLLM Tool Schema allows DoS via Malformed pattern and type Fields
수정: 2026. 2. 4.
HIGH 7.5 PyPI
GHSA-w2r7-9579-27hf · CVE-2024-8768 vLLM denial of service vulnerability
수정: 2026. 2. 4.
MEDIUM 6.5 PyPI
GHSA-w6q7-j642-7c25 · CVE-2025-48887, PYSEC-2025-50 vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py`
수정: 2026. 2. 4.
MEDIUM 6.2 PyPI
GHSA-wc36-9694-f9rf · CVE-2024-8939 vLLM Denial of Service via the best_of parameter
수정: 2026. 2. 4.
HIGH 7.5 PyPI
GHSA-wr9h-g72x-mwhm · CVE-2025-59425 vLLM is vulnerable to timing attack at bearer auth
수정: 2026. 2. 4.
MEDIUM 5.6 PyPI
GHSA-x368-4g9h-fvv4 · CVE-2026-7141 vLLM makes Use of Uninitialized Resource
수정: 2026. 6. 1.
CRITICAL 9.0 PyPI
GHSA-x3m8-f7g5-qhm7 · CVE-2025-29783, PYSEC-2025-63 vLLM Allows Remote Code Execution via Mooncake Integration
수정: 2026. 2. 4.
HIGH 8.8 PyPI
GHSA-2pc9-4j83-qjmr · CVE-2026-22807 vLLM affected by RCE via auto_map dynamic module loading during model initialization
수정: 2026. 2. 4.
HIGH 7.1 PyPI
GHSA-3f6c-7fw2-ppm4 · CVE-2025-6242 vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class
수정: 2026. 2. 4.
MEDIUM 6.5 PyPI
GHSA-3mwp-wvh9-7528 · CVE-2026-34756 vLLM: Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server
수정: 2026. 4. 10.
LOW 2.6 PyPI
GHSA-4qjh-9fv9-r85r · CVE-2025-46570, PYSEC-2025-53 Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching
수정: 2026. 2. 4.
CRITICAL 9.8 PyPI
GHSA-4r2x-xpjr-7cvv · CVE-2026-22778 vLLM has RCE In Video Processing
수정: 2026. 3. 27.
CRITICAL 9.8 PyPI
GHSA-5vqr-wprc-cpp7 · CVE-2024-11041 vLLM Deserialization of Untrusted Data vulnerability
수정: 2026. 2. 4.
MEDIUM 6.5 PyPI
GHSA-69j4-grxj-j64p · CVE-2025-62426 vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`
수정: 2026. 2. 4.
MEDIUM 6.5 PyPI
GHSA-6fvq-23cw-5628 · CVE-2025-61620 vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server
수정: 2026. 2. 4.
MEDIUM 6.5 PyPI
GHSA-6qc9-v4r8-22xg · CVE-2025-48942, PYSEC-2025-54 vLLM DOS: Remotely kill vllm over http with invalid JSON schema
수정: 2026. 2. 4.
HIGH 8.8 PyPI
GHSA-7972-pg2x-xr59 · CVE-2026-27893 vLLM has Hardcoded Trust Override in Model Files Enables RCE Despite Explicit User Opt-Out
수정: 2026. 3. 30.
HIGH 8.8 PyPI
GHSA-79j6-g2m3-jgfw · CVE-2025-9141 vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder
수정: 2026. 2. 4.
MEDIUM 6.5 PyPI
GHSA-83vm-p52w-f9pw · CVE-2026-44223, PYSEC-2026-145 vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters
수정: 2026. 6. 8.
HIGH 7.1 PyPI
GHSA-8fr4-5q9j-m8gm · CVE-2025-66448 vLLM vulnerable to remote code execution via transformers_utils/get_config
수정: 2025. 12. 2.
HIGH 7.5 PyPI
GHSA-9f8f-2vmf-885j · CVE-2025-30202 Data exposure via ZeroMQ on multi-node vLLM deployment
수정: 2026. 2. 4.
MEDIUM 6.5 PyPI
GHSA-9hcf-v7m4-6m2j · CVE-2025-48943, PYSEC-2025-55 vLLM allows clients to crash the openai server with invalid regex
수정: 2026. 2. 4.
HIGH 8.0 PyPI
GHSA-9pcc-gvx5-r5wm · CVE-2025-30165 Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration
수정: 2026. 2. 4.
MEDIUM 4.2 PyPI
GHSA-c65p-x677-fgj6 · CVE-2025-46722, PYSEC-2025-43 vLLM has a Weakness in MultiModalHasher Image Hashing Implementation
수정: 2026. 2. 4.
CRITICAL 9.8 PyPI
PYSEC-2025-222 · CVE-2024-9053, GHSA-cj47-qj6g-x7r4 수정: 2026. 5. 21.
MEDIUM 6.5 PyPI
PYSEC-2025-223 · CVE-2025-29770, GHSA-mgrm-fgjv-mhv8 수정: 2026. 5. 20.
CRITICAL 9.8 PyPI
PYSEC-2025-42 · CVE-2025-32444, GHSA-hj4w-hm2g-p6w5 수정: 2026. 2. 4.
— PyPI
PYSEC-2025-43 · CVE-2025-46722, GHSA-c65p-x677-fgj6 수정: 2025. 5. 29.
— PyPI
PYSEC-2025-50 · CVE-2025-48887, GHSA-w6q7-j642-7c25 수정: 2026. 2. 5.
— PyPI
PYSEC-2025-53 · CVE-2025-46570, GHSA-4qjh-9fv9-r85r 수정: 2025. 6. 26.
— PyPI
PYSEC-2025-54 · CVE-2025-48942, GHSA-6qc9-v4r8-22xg 수정: 2025. 6. 26.
— PyPI
PYSEC-2025-55 · CVE-2025-48943, GHSA-9hcf-v7m4-6m2j 수정: 2025. 6. 26.
HIGH 8.8 PyPI
PYSEC-2025-58 · CVE-2025-24357, GHSA-rh4j-5rhw-hr54 수정: 2025. 6. 27.
— PyPI
PYSEC-2025-62 · CVE-2025-25183, GHSA-rm76-4mrf-v9r8 수정: 2025. 7. 1.
— PyPI
PYSEC-2025-63 · CVE-2025-29783, GHSA-x3m8-f7g5-qhm7 수정: 2025. 7. 1.
HIGH 7.5 PyPI
PYSEC-2026-143 · CVE-2026-22773, GHSA-grg2-63fw-f2qr 수정: 2026. 5. 20.
MEDIUM 6.5 PyPI
PYSEC-2026-144 · CVE-2026-34755, GHSA-pq5c-rjhq-qp7p 수정: 2026. 5. 20.
MEDIUM 6.5 PyPI
PYSEC-2026-145 · CVE-2026-44223, GHSA-83vm-p52w-f9pw 수정: 2026. 5. 20.