Product
vllm
36 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-44223
>= 0.18.0 and < 0.20.0
vLLM is an inference and serving engine for large language models (LLMs). From to before 0.20.0, the extract_hidden_states specul
6.5
MEDIUM
CVE-2026-44222
>= 0.6.1 and < 0.20.0
vLLM is an inference and serving engine for large language models (LLMs). From 0.6.1 to before 0.20.0, there is a Token Injectio
6.5
MEDIUM
CVE-2026-7141
<= 0.19.0
A vulnerability was found in vllm up to 0.19.0. The affected element is the function has_mamba_layers of the file vllm/v1/kv_cache
5.6
MEDIUM
CVE-2026-34756
>= 0.1.0 and < 0.19.0
vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.19.0, a Denial of Service vulnera
6.5
MEDIUM
CVE-2026-34755
>= 0.7.0 and < 0.19.0
vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base6
6.5
MEDIUM
CVE-2026-34753
>= 0.16.0 and < 0.19.0
vLLM is an inference and serving engine for large language models (LLMs). From 0.16.0 to before 0.19.0, a server-side request forg
5.4
MEDIUM
CVE-2026-34760
>= 0.5.5 and < 0.18.0
vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before version 0.18.0, Librosa def
5.9
MEDIUM
CVE-2026-27893
>= 0.10.1 and < 0.18.0
vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.18.0,
8.8
HIGH
CVE-2026-25960
>= 0.15.1 and < 0.17.0
vLLM is an inference and serving engine for large language models (LLMs). The SSRF protection fix for CVE-2026-24779 added in 0.15.1
7.1
HIGH
CVE-2026-22778
>= 0.8.3 and < 0.14.1
vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is se
9.8
CRITICAL
CVE-2026-24779
< 0.14.1
vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.14.1, a Server-Side Request Forgery (
7.1
HIGH
CVE-2026-22807
>= 0.10.1 and < 0.14.0
vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.14.0,
8.8
HIGH
CVE-2026-22773
>= 0.6.4 and < 0.12.0
vLLM is an inference and serving engine for large language models (LLMs). In versions from 0.6.4 to before 0.12.0, users can crash
6.5
MEDIUM
CVE-2025-66448
< 0.11.1
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code executi
7.1
HIGH
CVE-2025-62426
>= 0.5.5 and < 0.11.1
vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, the /v1/chat/comple
6.5
MEDIUM
CVE-2025-62372
>= 0.5.5 and < 0.11.1
vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, users can crash the
6.5
MEDIUM
CVE-2025-62164
>= 0.10.2 and < 0.11.1
vLLM is an inference and serving engine for large language models (LLMs). From versions 0.10.2 to before 0.11.1, a memory corrupti
8.8
HIGH
CVE-2025-59425
< 0.11.0
vLLM is an inference and serving engine for large language models (LLMs). Before version 0.11.0rc2, the API key support in vLLM pe
7.5
HIGH
CVE-2025-48956
>= 0.1.0 and < 0.10.1.1
vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.10.1.1, a Denial of Service (DoS)
7.5
HIGH
CVE-2025-48944
>= 0.8.0 and < 0.9.0
vLLM is an inference and serving engine for large language models (LLMs). In version 0.8.0 up to but excluding 0.9.0, the vLLM bac
6.5
MEDIUM
CVE-2025-48943
>= 0.8.0 and < 0.9.0
vLLM is an inference and serving engine for large language models (LLMs). Version 0.8.0 up to but excluding 0.9.0 have a Denial of
6.5
MEDIUM
CVE-2025-48942
>= 0.8.0 and < 0.9.0
vLLM is an inference and serving engine for large language models (LLMs). In versions 0.8.0 up to but excluding 0.9.0, hitting the
6.5
MEDIUM
CVE-2025-48887
>= 0.6.4 and < 0.9.0
vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression Denial of Service (ReDoS) vulnera
6.5
MEDIUM
CVE-2025-46722
>= 0.7.0 and < 0.9.0
vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, in the
4.2
MEDIUM
CVE-2025-46570
< 0.9.0
vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed,
2.6
LOW
CVE-2025-47277
>= 0.6.5 and < 0.8.5
vLLM, an inference and serving engine for large language models (LLMs), has an issue in versions 0.6.5 through 0.8.4 that ONLY imp
9.8
CRITICAL
CVE-2025-30165
>= 0.5.2
vLLM is an inference and serving engine for large language models. In a multi-node vLLM deployment using the V0 engine, vLLM uses
8.0
HIGH
CVE-2025-46560
>= 0.8.0 and < 0.8.5
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.8.0 and prior to 0.
6.5
MEDIUM
CVE-2025-32444
>= 0.6.5 and < 0.8.5
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.
10.0
CRITICAL
CVE-2025-30202
>= 0.5.2 and < 0.8.5
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and prior to 0.
7.5
HIGH
CVE-2024-9053
all versions
vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints. The core functional
9.8
CRITICAL
CVE-2024-11041
all versions
vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue() API function. The function uses pickle.loa
9.8
CRITICAL
CVE-2025-29783
>= 0.6.5 and < 0.8.0
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. When vLLM is configured to use Mooncake, uns
9.0
CRITICAL
CVE-2025-29770
< 0.8.0
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. The outlines library is one of the backends
6.5
MEDIUM
CVE-2025-25183
< 0.7.2
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead
2.6
LOW
CVE-2025-24357
< 0.7.0
vLLM is a library for LLM inference and serving. vllm/model_executor/weight_utils.py implements hf_model_weights_iterator to load
7.5
HIGH
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin