vllm

Top products

The 15 most recently published vulnerabilities affecting vllm.

• CVE-2026-47155vLLM: Artifact Pin Decay in vLLM allows pinned deployments to load unpinned code, weights, and processors6.5Jun 22, 2026
• CVE-2026-41523vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution7.5Jun 22, 2026
• CVE-2026-54232vLLM: Dependency Confusion Vulnerability in vLLM Dockerfile8.8Jun 22, 2026
• CVE-2026-54233vLLM: OOM Denial of Service via Audio Decompression Bomb6.5Jun 22, 2026
• CVE-2026-54236vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router5.3Jun 22, 2026
• CVE-2026-54235vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels6.5Jun 22, 2026
• CVE-2026-48746vLLM: OpenAI auth bypass9.1Jun 22, 2026
• CVE-2026-53923vLLM GGUF Kernels: int64_t to int truncation of tensor dimensions causes GPU buffer overflow7.5Jun 22, 2026
• CVE-2026-56340vLLM - Denial of Service via Unvalidated Multimodal Embeddings8.8Jun 20, 2026
• CVE-2025-71379vllm - Regular Expression Denial of Service in Multiple Components4.3Jun 20, 2026
• CVE-2026-5497Unbounded Frame Count in video/jpeg Base64 Data URL Processing Leads to OOM DoS in vllm-project/vllm7.5Jun 11, 2026
• CVE-2026-44223vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters6.5May 12, 2026
• CVE-2026-44222vLLM: Remote DoS via Special-Token Placeholders6.5May 12, 2026
• CVE-2026-7141vllm KV Block kv_cache_interface.py has_mamba_layers uninitialized resource5.6Apr 27, 2026
• CVE-2026-34756vLLM Affected by Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server6.5Apr 6, 2026