VYPR

apk package

chainguard/tritonserver-backend-vllm-cuda-12.9

pkg:apk/chainguard/tritonserver-backend-vllm-cuda-12.9

Vulnerabilities (42)

  • CVE-2026-25990HigFeb 11, 2026
    affected < 25.9.0_git20251112-r7fixed 25.9.0_git20251112-r7

    Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

  • CVE-2026-22778Feb 2, 2026
    affected < 25.9.0_git20260318-r0fixed 25.9.0_git20260318-r0

    vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR f

  • CVE-2026-24779Jan 27, 2026
    affected < 25.9.0_git20260318-r0fixed 25.9.0_git20260318-r0

    vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.14.1, a Server-Side Request Forgery (SSRF) vulnerability exists in the `MediaConnector` class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async m

  • CVE-2026-24486Jan 27, 2026
    affected < 25.9.0_git20251112-r6fixed 25.9.0_git20251112-r6

    Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can write uploaded files to arbitrary locations on th

  • CVE-2026-0994HigJan 23, 2026
    affected < 25.9.0_git20251112-r6fixed 25.9.0_git20251112-r6

    A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling l

  • CVE-2026-24049Jan 22, 2026
    affected < 25.9.0_git20251112-r6fixed 25.9.0_git20251112-r6

    wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the fil

  • CVE-2026-22807Jan 21, 2026
    affected < 25.9.0_git20260318-r0fixed 25.9.0_git20260318-r0

    vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face `auto_map` dynamic modules during model resolution without gating on `trust_remote_code`, allowing attacker-controlled Python

  • CVE-2026-23949Jan 20, 2026
    affected < 25.9.0_git20251112-r6fixed 25.9.0_git20251112-r6

    jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the `jaraco.context.tarball()` function starting in version 5.2.0 and prior to version 6.1.0. The vulnerability may allow atta

  • CVE-2026-22773Jan 10, 2026
    affected < 25.9.0_git20260318-r0fixed 25.9.0_git20260318-r0

    vLLM is an inference and serving engine for large language models (LLMs). In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This caus

  • CVE-2025-68131Dec 31, 2025
    affected < 25.9.0_git20251112-r4fixed 25.9.0_git20251112-r4

    cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag (28)

  • CVE-2025-68161Dec 18, 2025
    affected < 25.9.0_git20251112-r7fixed 25.9.0_git20251112-r7

    The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName co

  • CVE-2025-66471Dec 5, 2025
    affected < 25.9.0_git20251112-r2fixed 25.9.0_git20251112-r2

    urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chu

  • CVE-2025-66418Dec 5, 2025
    affected < 25.9.0_git20251112-r2fixed 25.9.0_git20251112-r2

    urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage a

  • CVE-2025-62164Nov 21, 2025
    affected < 25.9.0_git20251112-r1fixed 25.9.0_git20251112-r1

    vLLM is an inference and serving engine for large language models (LLMs). From versions 0.10.2 to before 0.11.1, a memory corruption vulnerability could lead to a crash (denial-of-service) and potentially remote code execution (RCE), exists in the Completions API endpoint. When p

  • CVE-2025-61620medOct 7, 2025
    affected < 25.9.0_git20251016-r0fixed 25.9.0_git20251016-r0

    ### Summary A resource-exhaustion (denial-of-service) vulnerability exists in multiple endpoints of the OpenAI-Compatible Server due to the ability to specify Jinja templates via the `chat_template` and `chat_template_kwargs` parameters. If an attacker can supply these parameter

  • CVE-2025-6242HigOct 7, 2025
    affected < 25.9.0_git20251016-r0fixed 25.9.0_git20251016-r0

    A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods fetch and process media from user-provided URLs without adequate restrictions on the target ho

  • CVE-2025-59425Oct 7, 2025
    affected < 25.9.0_git20251016-r0fixed 25.9.0_git20251016-r0

    vLLM is an inference and serving engine for large language models (LLMs). Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more charac

  • CVE-2025-58446Sep 6, 2025
    affected < 25.7.1_git20251001-r1fixed 25.7.1_git20251001-r1

    xgrammar is an open-source library for efficient, flexible, and portable structured generation. A grammar optimizer introduced in 0.1.23 processes large grammars (>100k characters) at very low rates, and can be used for DOS of model providers. This issue is fixed in version 0.1.2

  • CVE-2025-9141higAug 21, 2025
    affected < 25.7.1_git20250821-r1fixed 25.7.1_git20250821-r1

    ### Summary An unsafe deserialization vulnerability allows any authenticated user to execute arbitrary code on the server if they are able to get the model to pass the code as an argument to a tool call. ### Details vLLM's [Qwen3 Coder tool parser](https://github.com/vllm-proje

  • CVE-2025-48956Aug 21, 2025
    affected < 25.7.1_git20250821-r1fixed 25.7.1_git20250821-r1

    vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.10.1.1, a Denial of Service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large header to an HTTP endpoint. This results in server memory

Page 2 of 3