VYPR

apk package

chainguard/py3.12-vllm-cuda-12.4

pkg:apk/chainguard/py3.12-vllm-cuda-12.4

Vulnerabilities (44)

  • CVE-2025-59425, Oct 7, 2025
    affected < 0.11.0-r2, fixed 0.11.0-r2

    vLLM is an inference and serving engine for large language models (LLMs). Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more charac

  • CVE-2025-53643, Jul 14, 2025
    affected < 0.9.2-r1, fixed 0.9.2-r1

    AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed

  • CVE-2025-48924, Jul 11, 2025
    affected < 0.11.0-r3, fixed 0.11.0-r3

    Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowErr

  • CVE-2025-48379, Jul 1, 2025
    affected < 0.9.2-r0, fixed 0.9.2-r0

    Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only aff

Page 3 of 3