VYPR

Vendor CVEs

Vllm

All CVEs

54 total · sorted by risk
  • CVE-2025-29783Mar 19, 2025
    risk 0.00cvss epss 0.01

    vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP on all network interfaces will allow attackers to execute remote code on distributed hosts. This is…

  • CVE-2025-29770Mar 19, 2025
    risk 0.00cvss epss 0.00

    vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. The outlines library is one of the backends used by vLLM to support structured output (a.k.a. guided decoding). Outlines provides an optional cache for its compiled grammars on the local…

  • CVE-2025-25183Feb 7, 2025
    risk 0.00cvss epss 0.00

    vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use…

  • CVE-2025-24357Jan 27, 2025
    risk 0.00cvss epss 0.01

    vLLM is a library for LLM inference and serving. vllm/model_executor/weight_utils.py implements hf_model_weights_iterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function and the weights_only parameter defaults to False. When…

Page 2 of 2