-
- Notifications
You must be signed in to change notification settings - Fork 10.6k
Security: vllm-project/vllm
Security Navigation
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py`GHSA-w6q7-j642-7c25 published
May 28, 2025 by russellbModerate - phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of serviceGHSA-vc6m-hm49-g9qg published
Apr 29, 2025 by russellbModerate - Remote Code Execution via Mooncake IntegrationGHSA-hj4w-hm2g-p6w5 published
Apr 29, 2025 by russellbCritical - DOS: Remotely kill vllm over http with invalid JSON schemaGHSA-6qc9-v4r8-22xg published
May 28, 2025 by russellbModerate - Denial of Service via ZeroMQ on Multi-node vLLM DeploymentGHSA-9f8f-2vmf-885j published
Apr 29, 2025 by russellbHigh - Remote Code Execution Vulnerability in vLLM Multi-Node Cluster ConfigurationGHSA-9pcc-gvx5-r5wm published
May 6, 2025 by russellbHigh - Denial of Service by abusing xgrammar cacheGHSA-hf3c-wxg2-49q9 published
Apr 15, 2025 by russellbModerate - Denial of Service by abusing outlines unbounded cache on diskGHSA-mgrm-fgjv-mhv8 published
Mar 19, 2025 by russellbModerate - CVE-2025-24357 Malicious model remote code execution fix bypass with PyTorch < 2.6.0GHSA-ggpf-24jw-3fcw published
Apr 22, 2025 by russellbHigh - Remote Code Execution via Mooncake IntegrationGHSA-x3m8-f7g5-qhm7 published
Mar 19, 2025 by russellbCritical