vllm-project
AI / MLoss-project
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting vllm-project.
- CVE-2026-47155vLLM: Artifact Pin Decay in vLLM allows pinned deployments to load unpinned code, weights, and processors6.5
- CVE-2026-41523vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution7.5
- CVE-2026-54232vLLM: Dependency Confusion Vulnerability in vLLM Dockerfile8.8
- CVE-2026-54233vLLM: OOM Denial of Service via Audio Decompression Bomb6.5
- CVE-2026-54236vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router5.3
- CVE-2026-48746vLLM: OpenAI auth bypass9.1
- CVE-2026-5497Unbounded Frame Count in video/jpeg Base64 Data URL Processing Leads to OOM DoS in vllm-project/vllm7.5
- CVE-2026-4944Hardcoded trust_remote_code=True in vllm-project/vllm Bypasses User Security Control8.8
- CVE-2026-9540vllm-project vllm OpenAI-compatible Serving Path denial of service5.3
- CVE-2026-44223vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters6.5
- CVE-2026-44222vLLM: Remote DoS via Special-Token Placeholders6.5
- CVE-2026-34756vLLM Affected by Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server6.5
- CVE-2026-34755vLLM Affected by Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing6.5
- CVE-2026-34753vLLM affected by Server-Side Request Forgery (SSRF) in `download_bytes_from_url `5.4
- CVE-2026-34760vLLM: Downmix Implementation Differences as Attack Vectors Against Audio AI Models5.9