Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-55574 |
|
Vulnerability in vllm (CVE-2026-55574)
vulnerability in vllm (CVE-2026-55574). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55514 |
|
Vulnerability in vllm (CVE-2026-55514)
vulnerability in vllm (CVE-2026-55514). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54234 |
|
Vulnerability in dos (CVE-2026-54234)
vulnerability in dos (CVE-2026-54234). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55646 |
|
Vulnerability in vllm (CVE-2026-55646)
vulnerability in vllm (CVE-2026-55646). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54232 |
|
Vulnerability in vllm (CVE-2026-54232)
vulnerability in vllm (CVE-2026-54232). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.22.1` or later.
|
| CVE-2025-71379 |
|
Vulnerability in dos (CVE-2025-71379)
vulnerability in dos (CVE-2025-71379). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56340 |
|
Vulnerability in dos (CVE-2026-56340)
vulnerability in dos (CVE-2026-56340). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54233 |
|
Vulnerability in vllm (CVE-2026-54233)
vulnerability in vllm (CVE-2026-54233). Risk of unauthorized operations or information disclosure. Exploitable via ``SpeechToTextProcessor``.
|
| CVE-2026-54236 |
|
Vulnerability in vllm (CVE-2026-54236)
vulnerability in vllm (CVE-2026-54236). Risk of unauthorized operations or information disclosure. Exploitable via `POST /v1/messages`.
|
| CVE-2026-53923 |
|
Information Disclosure in vllm (CVE-2026-53923)
vulnerability in vllm (CVE-2026-53923). Confidential information can be exposed externally. Exploitable via ``to_cuda_ggml_t``.
|
| CVE-2026-54235 |
|
Vulnerability in vllm (CVE-2026-54235)
vulnerability in vllm (CVE-2026-54235). Risk of unauthorized operations or information disclosure. Exploitable via ``False``.
|
| CVE-2026-48746 |
|
Vulnerability in vllm (CVE-2026-48746)
vulnerability in vllm (CVE-2026-48746). Confidential information can be exposed externally. Exploitable via ``AuthenticationMiddleware``. Mitigation: upgrade to `0.22.0` or later.
|
| CVE-2026-41523 |
|
Code Injection in vllm (CVE-2026-41523)
code injection in vllm (CVE-2026-41523). Successful exploitation can lead to full system takeover. Exploitable via ``assert``. Mitigation: upgrade to `0.22.0` or later.
|
| CVE-2026-5497 |
|
vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS)...
vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS)...
|
| CVE-2026-47155 |
|
Vulnerability in vllm (CVE-2026-47155)
vulnerability in vllm (CVE-2026-47155). Data can be tampered with by attackers. Exploitable via ``main``. Mitigation: upgrade to `0.22.0` or later.
|
| CVE-2026-44222 |
|
Vulnerability in vllm (CVE-2026-44222)
vulnerability in vllm (CVE-2026-44222). Risk of unauthorized operations or information disclosure. Exploitable via ``image_grid_thw``. Mitigation: upgrade to `0.20.0` or later.
|
| CVE-2026-44223 |
|
Vulnerability in vllm (CVE-2026-44223)
vulnerability in vllm (CVE-2026-44223). Risk of unauthorized operations or information disclosure. Exploitable via ``extract_hidden_states``. Mitigation: upgrade to `0.20.0` or later.
|
| CVE-2026-34756 |
|
Vulnerability in dos (CVE-2026-34756)
vulnerability in dos (CVE-2026-34756). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.19.0` or later.
|
| CVE-2026-34755 |
|
Vulnerability in vllm (CVE-2026-34755)
vulnerability in vllm (CVE-2026-34755). Risk of unauthorized operations or information disclosure. Exploitable via `POST /v1/chat/completions`. Mitigation: upgrade to `0.19.0` or later.
|
| CVE-2026-34760 |
|
Vulnerability in vllm (CVE-2026-34760)
vulnerability in vllm (CVE-2026-34760). Data can be tampered with by attackers.
|
| CVE-2026-27893 |
|
Vulnerability in vllm (CVE-2026-27893)
vulnerability in vllm (CVE-2026-27893). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25960 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-25960)
SSRF in ssrf (CVE-2026-25960). Confidential information can be exposed externally.
|
| CVE-2026-22778 |
|
Vulnerability in vllm (CVE-2026-22778)
vulnerability in vllm (CVE-2026-22778). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.14.1` or later.
|
| CVE-2026-24779 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-24779)
SSRF in ssrf (CVE-2026-24779). Confidential information can be exposed externally. Exploitable via ``MediaConnector``.
|
| CVE-2026-22807 |
|
Code Injection in vllm (CVE-2026-22807)
code injection in vllm (CVE-2026-22807). Successful exploitation can lead to full system takeover. Exploitable via ``auto_map``.
|