Vllm

This hub aggregates every CVE we track for Vllm, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Vllm.

• CVE-2026-47155vLLM: Artifact Pin Decay in vLLM allows pinned deployments to load unpinned code, weights, and processors6.5Jun 22, 2026
• CVE-2026-41523vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution7.5Jun 22, 2026
• CVE-2026-54232vLLM: Dependency Confusion Vulnerability in vLLM Dockerfile8.8Jun 22, 2026
• CVE-2026-54233vLLM: OOM Denial of Service via Audio Decompression Bomb6.5Jun 22, 2026
• CVE-2026-54236vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router5.3Jun 22, 2026
• CVE-2026-48746vLLM: OpenAI auth bypass9.1Jun 22, 2026
• CVE-2026-56340vLLM - Denial of Service via Unvalidated Multimodal Embeddings8.8Jun 20, 2026
• CVE-2025-71379vllm - Regular Expression Denial of Service in Multiple Components4.3Jun 20, 2026
• CVE-2026-5497Unbounded Frame Count in video/jpeg Base64 Data URL Processing Leads to OOM DoS in vllm-project/vllm7.5Jun 11, 2026
• CVE-2026-9540vllm-project vllm OpenAI-compatible Serving Path denial of service5.3May 26, 2026
• CVE-2026-44223vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters6.5May 12, 2026
• CVE-2026-44222vLLM: Remote DoS via Special-Token Placeholders6.5May 12, 2026
• CVE-2026-7141vllm KV Block kv_cache_interface.py has_mamba_layers uninitialized resource5.6Apr 27, 2026
• CVE-2026-34756vLLM Affected by Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server6.5Apr 6, 2026
• CVE-2026-34755vLLM Affected by Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing6.5Apr 6, 2026