Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: vllm Clear
ID Title
CVE-2026-55574 Vulnerability in vllm (CVE-2026-55574)
vulnerability in vllm (CVE-2026-55574). Risk of unauthorized operations or information disclosure.
CVE-2026-55514 Vulnerability in vllm (CVE-2026-55514)
vulnerability in vllm (CVE-2026-55514). Risk of unauthorized operations or information disclosure.
CVE-2026-54234 Vulnerability in dos (CVE-2026-54234)
vulnerability in dos (CVE-2026-54234). Risk of unauthorized operations or information disclosure.
CVE-2026-55646 Vulnerability in vllm (CVE-2026-55646)
vulnerability in vllm (CVE-2026-55646). Risk of unauthorized operations or information disclosure.
CVE-2026-54232 Vulnerability in vllm (CVE-2026-54232)
vulnerability in vllm (CVE-2026-54232). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.22.1` or later.
CVE-2025-71379 Vulnerability in dos (CVE-2025-71379)
vulnerability in dos (CVE-2025-71379). Risk of unauthorized operations or information disclosure.
CVE-2026-56340 Vulnerability in dos (CVE-2026-56340)
vulnerability in dos (CVE-2026-56340). Successful exploitation can lead to full system takeover.
CVE-2026-54233 Vulnerability in vllm (CVE-2026-54233)
vulnerability in vllm (CVE-2026-54233). Risk of unauthorized operations or information disclosure. Exploitable via ``SpeechToTextProcessor``.
CVE-2026-54236 Vulnerability in vllm (CVE-2026-54236)
vulnerability in vllm (CVE-2026-54236). Risk of unauthorized operations or information disclosure. Exploitable via `POST /v1/messages`.
CVE-2026-53923 Information Disclosure in vllm (CVE-2026-53923)
vulnerability in vllm (CVE-2026-53923). Confidential information can be exposed externally. Exploitable via ``to_cuda_ggml_t``.
CVE-2026-54235 Vulnerability in vllm (CVE-2026-54235)
vulnerability in vllm (CVE-2026-54235). Risk of unauthorized operations or information disclosure. Exploitable via ``False``.
CVE-2026-48746 Vulnerability in vllm (CVE-2026-48746)
vulnerability in vllm (CVE-2026-48746). Confidential information can be exposed externally. Exploitable via ``AuthenticationMiddleware``. Mitigation: upgrade to `0.22.0` or later.
CVE-2026-41523 Code Injection in vllm (CVE-2026-41523)
code injection in vllm (CVE-2026-41523). Successful exploitation can lead to full system takeover. Exploitable via ``assert``. Mitigation: upgrade to `0.22.0` or later.
CVE-2026-5497 vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS)...
vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS)...
CVE-2026-47155 Vulnerability in vllm (CVE-2026-47155)
vulnerability in vllm (CVE-2026-47155). Data can be tampered with by attackers. Exploitable via ``main``. Mitigation: upgrade to `0.22.0` or later.
CVE-2026-44222 Vulnerability in vllm (CVE-2026-44222)
vulnerability in vllm (CVE-2026-44222). Risk of unauthorized operations or information disclosure. Exploitable via ``image_grid_thw``. Mitigation: upgrade to `0.20.0` or later.
CVE-2026-44223 Vulnerability in vllm (CVE-2026-44223)
vulnerability in vllm (CVE-2026-44223). Risk of unauthorized operations or information disclosure. Exploitable via ``extract_hidden_states``. Mitigation: upgrade to `0.20.0` or later.
CVE-2026-34756 Vulnerability in dos (CVE-2026-34756)
vulnerability in dos (CVE-2026-34756). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.19.0` or later.
CVE-2026-34755 Vulnerability in vllm (CVE-2026-34755)
vulnerability in vllm (CVE-2026-34755). Risk of unauthorized operations or information disclosure. Exploitable via `POST /v1/chat/completions`. Mitigation: upgrade to `0.19.0` or later.
CVE-2026-34760 Vulnerability in vllm (CVE-2026-34760)
vulnerability in vllm (CVE-2026-34760). Data can be tampered with by attackers.
CVE-2026-27893 Vulnerability in vllm (CVE-2026-27893)
vulnerability in vllm (CVE-2026-27893). Successful exploitation can lead to full system takeover.
CVE-2026-25960 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-25960)
SSRF in ssrf (CVE-2026-25960). Confidential information can be exposed externally.
CVE-2026-22778 Vulnerability in vllm (CVE-2026-22778)
vulnerability in vllm (CVE-2026-22778). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.14.1` or later.
CVE-2026-24779 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-24779)
SSRF in ssrf (CVE-2026-24779). Confidential information can be exposed externally. Exploitable via ``MediaConnector``.
CVE-2026-22807 Code Injection in vllm (CVE-2026-22807)
code injection in vllm (CVE-2026-22807). Successful exploitation can lead to full system takeover. Exploitable via ``auto_map``.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →