vLLM Vulnerabilities

pip LLM Inference

AI Threat Alert tracks 75 known vulnerabilities in vLLM, 11 rated critical — an AI/ML llm inference in the pip ecosystem. Each CVE includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Data sources
61
Risk Score
75
Total CVEs
11
Critical
pip
Ecosystem
Jun 22, 2026
Last CVE
23%
Patch Rate
51d
Avg Time to Patch
84,601 stars 18,589 forks 5,482 issues 130 dependents Last push Jun 28, 2026
View on GitHub

Known Vulnerabilities (75 total, page 2 of 3)

Severity CVE ID Summary CVSS Published
HIGH CVE-2026-5121 libarchive: integer overflow in zisofs hits vllm containers 7.5 Mar 30, 2026 HIGH CVE-2026-4424 libarchive: RAR heap OOB read leaks memory in vLLM stacks 7.5 Mar 19, 2026 HIGH CVE-2026-5497 vLLM: unauthenticated OOM DoS via video frame parsing 7.5 Jun 11, 2026 MEDIUM CVE-2026-47155 vLLM: revision pin bypass loads unreviewed artifacts 6.5 Jun 10, 2026 UNKNOWN CVE-2026-4944 vllm: trust_remote_code bypass enables RCE via HuggingFace -- May 28, 2026 MEDIUM CVE-2026-9540 vllm: unauthenticated DoS in OpenAI-compatible serving path 5.3 May 26, 2026 HIGH CVE-2026-46517 LMDeploy: hardcoded trust_remote_code enables RCE 7.8 May 21, 2026 MEDIUM CVE-2026-44223 vLLM: speculative decoding DoS via penalty params 6.5 May 6, 2026 MEDIUM CVE-2026-44222 vLLM: token injection DoS via multimodal placeholders 6.5 May 5, 2026 MEDIUM CVE-2026-7141 vllm: uninitialized KV cache memory leaks inference data 5.6 Apr 27, 2026 MEDIUM CVE-2026-34753 vLLM: SSRF in batch API exposes cloud metadata endpoints 5.4 Apr 3, 2026 MEDIUM CVE-2026-34755 vLLM: OOM DoS via unbounded video frame decoding 6.5 Apr 3, 2026 MEDIUM CVE-2026-34756 vLLM: DoS via unbounded n parameter causes OOM crash 6.5 Apr 3, 2026 HIGH CVE-2026-27893 vLLM: trust_remote_code bypass enables RCE 8.8 Mar 27, 2026 CRITICAL CVE-2024-9052 vLLM: RCE via pickle deserialization in distributed API 9.8 Mar 20, 2025 MEDIUM GHSA-hf3c-wxg2-49q9 vLLM: DoS via unbounded XGrammar schema cache 6.5 Apr 15, 2025 CRITICAL GHSA-ggpf-24jw-3fcw vLLM: RCE via malicious model, PyTorch < 2.6 bypass 9.8 Apr 23, 2025 MEDIUM GHSA-j828-28rj-hfhp vllm: ReDoS in inference endpoints enables DoS 4.3 May 28, 2025 HIGH CVE-2025-9141 vLLM: RCE via eval() in Qwen3 Coder tool parser 8.8 Aug 21, 2025 MEDIUM CVE-2025-61620 vllm: DoS via Jinja template injection in chat API 6.5 Oct 7, 2025 HIGH GHSA-mcmc-2m55-j8jj vllm: Input Validation flaw enables exploitation 8.8 Jan 8, 2026 CRITICAL CVE-2026-25960 vllm: SSRF allows internal network access 9.8 Mar 9, 2026 CRITICAL CVE-2026-22778 vllm: security flaw enables exploitation 9.8 Feb 2, 2026 HIGH CVE-2026-24779 vllm: SSRF allows internal network access 7.1 Jan 27, 2026 CRITICAL CVE-2026-22807 vllm: Code Injection enables RCE 9.8 Jan 21, 2026

Showing 26–50 of 75

Frequently asked questions

What is vLLM?

vLLM is an AI/ML llm inference tracked by AI Threat Alert for security vulnerabilities in the pip ecosystem.

How many known vulnerabilities does vLLM have?

vLLM has 75 known CVEs, 11 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is vLLM distributed in?

vLLM is distributed via the pip ecosystem and categorized as llm inference.

Where does the vLLM vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of vLLM?

Review each CVE below — every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.

Monitor vLLM in your stack

Get instant alerts when new vulnerabilities affect vLLM. CISO analysis, ATLAS technique mappings, and compliance reports included.

Start Monitoring