AI Threat Alert

vLLM Vulnerabilities

pip LLM Inference
61
Risk Score
43
Total CVEs
10
Critical
pip
Ecosystem
May 6, 2026
Last CVE
56%
Patch Rate
33d
Avg Time to Patch
80,213 stars 16,862 forks 4,958 issues 127 dependents Last push May 17, 2026
View on GitHub

Known Vulnerabilities (43 total, page 2 of 2)

Severity CVE ID Summary CVSS Published
HIGH CVE-2025-48956 vLLM: unauthenticated DoS via oversized HTTP header 7.5 Aug 21, 2025 MEDIUM CVE-2025-48944 vLLM: input validation DoS crashes inference worker 6.5 May 30, 2025 MEDIUM CVE-2025-48943 vLLM: ReDoS crashes inference server via malformed regex 6.5 May 30, 2025 MEDIUM CVE-2025-48942 vLLM: DoS via malformed JSON schema guided param 6.5 May 30, 2025 MEDIUM CVE-2025-48887 vLLM: ReDoS in tool parser causes service outage 6.5 May 30, 2025 HIGH CVE-2025-46722 vLLM: image hash collision enables multimodal cache leakage 7.3 May 29, 2025 LOW CVE-2025-46570 vLLM: timing side-channel leaks prompt cache data 2.6 May 29, 2025 CRITICAL CVE-2025-47277 vLLM: RCE via exposed TCPStore in distributed inference 9.8 May 20, 2025 HIGH CVE-2025-30165 vLLM: pickle RCE in multi-node inference deployments 8.0 May 6, 2025 HIGH CVE-2025-46560 vLLM: DoS via quadratic multimodal tokenizer input 7.5 Apr 30, 2025 CRITICAL CVE-2025-32444 vLLM: RCE via pickle deserialization on ZeroMQ 9.8 Apr 30, 2025 HIGH CVE-2025-30202 vLLM: ZeroMQ socket exposure enables DoS in multi-node 7.5 Apr 30, 2025 CRITICAL CVE-2024-9053 vllm: RCE via unsafe pickle deserialization in RPC server 9.8 Mar 20, 2025 CRITICAL CVE-2024-11041 vllm: RCE via unsafe pickle deserialization in MessageQueue 9.8 Mar 20, 2025 CRITICAL CVE-2025-29783 vLLM: RCE via unsafe deserialization in Mooncake KV 9.0 Mar 19, 2025 MEDIUM CVE-2025-29770 vLLM: DoS via unbounded grammar cache exhausts disk 6.5 Mar 19, 2025 LOW CVE-2025-25183 vLLM: hash collision enables prefix cache poisoning 2.6 Feb 7, 2025 HIGH CVE-2025-24357 vLLM: unsafe deserialization RCE via model loading 8.8 Jan 27, 2025

Showing 26–43 of 43

← Previous

Monitor vLLM in your stack

Get instant alerts when new vulnerabilities affect vLLM. CISO analysis, ATLAS technique mappings, and compliance reports included.

Start Monitoring