VYPR

apk package

chainguard/py3.12-vllm-cuda-12.4

pkg:apk/chainguard/py3.12-vllm-cuda-12.4

Vulnerabilities (44)

  • CVE-2026-48746criJun 16, 2026
    affected < 0.18.1-r4fixed 0.18.1-r4

    ### Summary A vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API `AuthenticationMiddleware`, which was discovered during @x41sec's source code audit. It allows to use the API without providing the confi

  • CVE-2026-54274Jun 15, 2026
    affected < 0.18.1-r3fixed 0.18.1-r3

    ### Summary If an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. ### Impact If a web application has WebSocket endpoints, it may be possible for an attacker to execute a DoS attack through excessive m

  • CVE-2026-54275lowJun 15, 2026
    affected < 0.18.1-r3fixed 0.18.1-r3

    ### Summary The `server_hostname` TLS SNI check can be bypassed when an existing connection is reused. ### Impact If an application makes multiple requests to the same domain, but with different per-request `server_hostname` parameters, then the later calls may succeed by reus

  • CVE-2026-54280lowJun 15, 2026
    affected < 0.18.1-r3fixed 0.18.1-r3

    ### Summary Payload resources are not closed correctly when a client disconnects in the middle of a write. ### Impact If a payload is using an open file or similar limited resource, then an attacker may be able to cause resource starvation temporarily until garbage collection

  • CVE-2026-54273Jun 15, 2026
    affected < 0.18.1-r3fixed 0.18.1-r3

    ### Summary No limit was present on the number of pipelined requests that could be queued. ### Impact An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. ----- Patch: https://github.com/aio-libs/aiohttp/commit/dfd

  • CVE-2026-54278Jun 15, 2026
    affected < 0.18.1-r3fixed 0.18.1-r3

    ### Summary During cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. ### Impact An attacker may be able to send a compressed payload in specific situations that could be decompressed into memory, potentially leading to DoS (a zip

  • CVE-2026-54277Jun 15, 2026
    affected < 0.18.1-r3fixed 0.18.1-r3

    ### Summary It is possible to bypass the max_line_size check in parts of an HTTP request in the C parser. ### Impact If using the optimised C parser (the default in pre-built wheels), then an attacker may be able to send oversized lines through the HTTP parser and use an exces

  • CVE-2026-54276Jun 15, 2026
    affected < 0.18.1-r3fixed 0.18.1-r3

    ### Summary ``DigestAuthMiddleware`` can send an authentication response after following a cross-origin redirect. ### Impact If the client follows a redirect (the default option) to an attacker controlled domain, the attacker may be able to extract the auth digest. This likel

  • CVE-2026-54279lowJun 15, 2026
    affected < 0.18.1-r3fixed 0.18.1-r3

    ### Summary Host-only cookies that are saved with ``CookieJar.save()`` and then restored later with ``CookieJar.load()`` lose their host-only status. ### Impact Host-only cookies that have been loaded from disk may get sent to subdomains that previously should have been disall

  • CVE-2026-50269lowJun 15, 2026
    affected < 0.18.1-r3fixed 0.18.1-r3

    ### Summary Attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. ### Impact In the unlikely situation that an application is passing user-controlled strings into `MultipartWriter.append(heade

  • CVE-2026-47265HigJun 2, 2026
    affected < 0.18.1-r3fixed 0.18.1-r3

    AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the `cookies` parameter on requests are sent after following a cross-origin redirect. If a developer uses the `cookies` parameter on a per-request basis then

  • CVE-2026-34993MedJun 2, 2026
    affected < 0.18.1-r3fixed 0.18.1-r3

    AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using ``CookieJar.load()`` with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is

  • CVE-2026-44223MedMay 12, 2026
    affected < 0.18.1-r2fixed 0.18.1-r2

    vLLM is an inference and serving engine for large language models (LLMs). From to before 0.20.0, the extract_hidden_states speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCo

  • CVE-2026-7141MedApr 27, 2026
    affected < 0.18.1-r2fixed 0.18.1-r2

    A vulnerability was found in vllm up to 0.19.0. The affected element is the function has_mamba_layers of the file vllm/v1/kv_cache_interface.py of the component KV Block Handler. Performing a manipulation results in uninitialized resource. It is possible to initiate the attack re

  • CVE-2026-40192HigApr 15, 2026
    affected < 0.18.1-r1fixed 0.18.1-r1

    Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leadi

  • CVE-2026-34756MedApr 6, 2026
    affected < 0.18.1-r2fixed 0.18.1-r2

    vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest a

  • CVE-2026-34755MedApr 6, 2026
    affected < 0.18.1-r2fixed 0.18.1-r2

    vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64() method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame coun

  • CVE-2026-34753MedApr 6, 2026
    affected < 0.18.1-r2fixed 0.18.1-r2

    vLLM is an inference and serving engine for large language models (LLMs). From 0.16.0 to before 0.19.0, a server-side request forgery (SSRF) vulnerability in download_bytes_from_url allows any actor who can control batch input JSON to make the vLLM batch runner issue arbitrary HT

  • CVE-2026-34452MedMar 31, 2026
    affected < 0.18.1-r1fixed 0.18.1-r1

    The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the async local filesystem memory tool in the Anthropic Python SDK validated that model-supplied paths resolved inside the sandboxed memory director

  • CVE-2026-34450MedMar 31, 2026
    affected < 0.18.1-r1fixed 0.18.1-r1

    The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a sta

Page 1 of 3