AI Component

Inference

Inference-layer vulnerabilities target the serving infrastructure that runs ML models in production — including vLLM, TensorRT, Triton, and custom serving endpoints.

537

Total CVEs

Pages

Page 21 of 27

Current

Severity	CVE	Headline	Package	CVSS
MEDIUM	CVE-2025-48942	vLLM: DoS via malformed JSON schema guided param	vllm	6.5
MEDIUM	CVE-2025-48943	vLLM: ReDoS crashes inference server via malformed regex	vllm	6.5
MEDIUM	CVE-2025-48944	vLLM: input validation DoS crashes inference worker	vllm	6.5
HIGH	CVE-2025-48956	vLLM: unauthenticated DoS via oversized HTTP header	vllm	7.5
HIGH	CVE-2025-59425	vLLM: timing attack enables API key bypass	vllm	7.5
HIGH	CVE-2025-6242	vLLM: SSRF in media loader exposes internal network	vllm	7.1
MEDIUM	CVE-2025-62372	vllm: security flaw enables exploitation	vllm	6.5
MEDIUM	CVE-2025-62426	vllm: Resource Exhaustion enables DoS	vllm	6.5
HIGH	CVE-2025-66448	vllm: Code Injection enables RCE	vllm	8.8
HIGH	CVE-2026-22773	vllm: Resource Exhaustion enables DoS	vllm	7.5
CRITICAL	CVE-2026-22807	vllm: Code Injection enables RCE	vllm	9.8
HIGH	CVE-2026-24779	vllm: SSRF allows internal network access	vllm	7.1
CRITICAL	CVE-2026-22778	vllm: security flaw enables exploitation	vllm	9.8
MEDIUM	CVE-2024-28224	Ollama: DNS rebinding exposes LLM API to remote access	ollama	6.6
HIGH	CVE-2024-37032	Ollama: path traversal enables RCE via model blob API	ollama	8.8
HIGH	CVE-2024-45436	Ollama: ZIP path traversal exposes host filesystem	ollama	7.5
HIGH	CVE-2024-39719	Ollama: file existence oracle via api/create errors	ollama	7.5
HIGH	CVE-2024-39720	Ollama: OOB read in GGUF parser enables remote DoS	ollama	8.2
HIGH	CVE-2024-39721	Ollama: DoS via /dev/random causes goroutine exhaustion	ollama	7.5
HIGH	CVE-2024-39722	Ollama: path traversal exposes server filesystem	ollama	7.5

Page 21 of 27

Previous Next

Related AI Components

Framework API Agent Model Training Data RAG

Inference

Related AI Components

Weekly CISO Take + top threats