Security: vllm-project/vllm
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- API key authentication vulnerable to timing attack (GHSA-wr9h-g72x-mwhm), published Oct 7, 2025 by russellb. Severity: High
- Resource-Exhaustion (DoS) through chat_template / chat_template_kwargs in OpenAI-Compatible Server (GHSA-6fvq-23cw-5628), published Oct 7, 2025 by russellb. Severity: Moderate
- Remote code execution in the vllm tool call parser for Qwen3-Coder (GHSA-79j6-g2m3-jgfw), published Aug 20, 2025 by russellb. Severity: High
- Server-Side Request Forgery (SSRF) in `MediaConnector` (GHSA-3f6c-7fw2-ppm4), published Oct 7, 2025 by russellb. Severity: High
- HTTP header size limits not enforced, allowing DoS from unauthenticated requests (GHSA-rxc4-3w6r-4v47), published Aug 20, 2025 by russellb. Severity: High
- DoS via Malformed pattern and type Fields in vLLM Tool Schema (GHSA-vrq3-r879-7m65), published May 28, 2025 by russellb. Severity: Moderate
- Remote Code Execution via PyNcclPipe Communication Service (GHSA-hjq4-87xh-g4fv), published May 20, 2025 by russellb. Severity: Critical
- A series of simple Redos in vllm. (GHSA-j828-28rj-hfhp), published May 28, 2025 by russellb. Severity: Moderate
- clients can crash the openai server with invalid regex (GHSA-9hcf-v7m4-6m2j), published May 28, 2025 by russellb. Severity: Moderate
- Weakness in MultiModalHasher Image/video Hashing Implementation in vLLM (GHSA-c65p-x677-fgj6), published May 28, 2025 by russellb. Severity: Moderate