Vllm-project Vllm
34 CVEs affecting Vllm-project Vllm. Latest disclosed: 2026-05-26. Critical: 4, High: 11.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-32444 | Critical | 10.0 | 2025-04-30 | vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration… |
| CVE-2026-22778 | Critical | 9.8 | 2026-02-02 | vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpo… |
| CVE-2025-47277 | Critical | 9.8 | 2025-05-20 | vLLM, an inference and serving engine for large language models (LLMs), has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the `… |
| CVE-2025-29783 | Critical | 9.1 | 2025-03-19 | vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. When vLLM is configured to use Mooncake, unsafe deserialization exposed d… |
| CVE-2026-27893 | High | 8.8 | 2026-03-26 | vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.18.0, two model implementation file… |
| CVE-2026-22807 | High | 8.8 | 2026-01-21 | vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face `auto… |
| CVE-2025-62164 | High | 8.8 | 2025-11-21 | vLLM is an inference and serving engine for large language models (LLMs). From versions 0.10.2 to before 0.11.1, a memory corruption vulnerability could lead t… |
| CVE-2025-30165 | High | 8.0 | 2025-05-06 | vLLM is an inference and serving engine for large language models. In a multi-node vLLM deployment using the V0 engine, vLLM uses ZeroMQ for some multi-node co… |
| CVE-2025-59425 | High | 7.5 | 2025-10-07 | vLLM is an inference and serving engine for large language models (LLMs). Before version 0.11.0rc2, the API key support in vLLM performs validation using a met… |
| CVE-2025-48956 | High | 7.5 | 2025-08-21 | vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.10.1.1, a Denial of Service (DoS) vulnerability can be trigger… |
| CVE-2025-30202 | High | 7.5 | 2025-04-30 | vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and prior to 0.8.5 are vulnerable to denial… |
| CVE-2025-24357 | High | 7.5 | 2025-01-27 | vLLM is a library for LLM inference and serving. vllm/model_executor/weight_utils.py implements hf_model_weights_iterator to load the model checkpoint, which i… |
| CVE-2026-25960 | High | 7.1 | 2026-03-09 | vLLM is an inference and serving engine for large language models (LLMs). The SSRF protection fix for CVE-2026-24779 added in 0.15.1 can be bypassed in the load_… |
| CVE-2026-24779 | High | 7.1 | 2026-01-27 | vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.14.1, a Server-Side Request Forgery (SSRF) vulnerability exists in… |
| CVE-2025-66448 | High | 7.1 | 2025-12-01 | vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class n… |
| CVE-2026-44223 | Medium | 6.5 | 2026-05-12 | vLLM is an inference and serving engine for large language models (LLMs). From to before 0.20.0, the extract_hidden_states speculative decoding proposer in vL… |
| CVE-2026-44222 | Medium | 6.5 | 2026-05-12 | vLLM is an inference and serving engine for large language models (LLMs). From 0.6.1 to before 0.20.0, there is a Token Injection vulnerability in vLLM’s mul… |
| CVE-2026-34756 | Medium | 6.5 | 2026-04-06 | vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM Ope… |
| CVE-2026-34755 | Medium | 6.5 | 2026-04-06 | vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64() method at vllm/multimodal… |
| CVE-2026-22773 | Medium | 6.5 | 2026-01-10 | vLLM is an inference and serving engine for large language models (LLMs). In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving mult… |