vLLM Vulnerabilities

pip LLM Inference

AI Threat Alert tracks 75 known vulnerabilities in vLLM, an AI/ML LLM inference package in the pip ecosystem; 11 are rated critical. Each CVE includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Risk Score: 61
Total CVEs: 75
Critical: 11
Ecosystem: pip
Last CVE: Jun 22, 2026
Patch Rate: 23%
Avg Time to Patch: 51d
GitHub: 84,601 stars, 18,589 forks, 5,482 issues, 130 dependents. Last push: Jun 28, 2026

Known Vulnerabilities (75 total, page 3 of 3)

| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| HIGH | CVE-2026-22773 | vllm: Resource Exhaustion enables DoS | 7.5 | Jan 10, 2026 |
| HIGH | CVE-2025-66448 | vllm: Code Injection enables RCE | 8.8 | Dec 1, 2025 |
| MEDIUM | CVE-2025-62426 | vllm: Resource Exhaustion enables DoS | 6.5 | Nov 21, 2025 |
| MEDIUM | CVE-2025-62372 | vllm: security flaw enables exploitation | 6.5 | Nov 21, 2025 |
| HIGH | CVE-2025-62164 | vllm: Input Validation flaw enables exploitation | 8.8 | Nov 21, 2025 |
| HIGH | CVE-2025-6242 | vLLM: SSRF in media loader exposes internal network | 7.1 | Oct 7, 2025 |
| HIGH | CVE-2025-59425 | vLLM: timing attack enables API key bypass | 7.5 | Oct 7, 2025 |
| HIGH | CVE-2025-48956 | vLLM: unauthenticated DoS via oversized HTTP header | 7.5 | Aug 21, 2025 |
| MEDIUM | CVE-2025-48944 | vLLM: input validation DoS crashes inference worker | 6.5 | May 30, 2025 |
| MEDIUM | CVE-2025-48943 | vLLM: ReDoS crashes inference server via malformed regex | 6.5 | May 30, 2025 |
| MEDIUM | CVE-2025-48942 | vLLM: DoS via malformed JSON schema guided param | 6.5 | May 30, 2025 |
| MEDIUM | CVE-2025-48887 | vLLM: ReDoS in tool parser causes service outage | 6.5 | May 30, 2025 |
| HIGH | CVE-2025-46722 | vLLM: image hash collision enables multimodal cache leakage | 7.3 | May 29, 2025 |
| LOW | CVE-2025-46570 | vLLM: timing side-channel leaks prompt cache data | 2.6 | May 29, 2025 |
| CRITICAL | CVE-2025-47277 | vLLM: RCE via exposed TCPStore in distributed inference | 9.8 | May 20, 2025 |
| HIGH | CVE-2025-30165 | vLLM: pickle RCE in multi-node inference deployments | 8.0 | May 6, 2025 |
| HIGH | CVE-2025-46560 | vLLM: DoS via quadratic multimodal tokenizer input | 7.5 | Apr 30, 2025 |
| CRITICAL | CVE-2025-32444 | vLLM: RCE via pickle deserialization on ZeroMQ | 9.8 | Apr 30, 2025 |
| HIGH | CVE-2025-30202 | vLLM: ZeroMQ socket exposure enables DoS in multi-node | 7.5 | Apr 30, 2025 |
| CRITICAL | CVE-2024-9053 | vllm: RCE via unsafe pickle deserialization in RPC server | 9.8 | Mar 20, 2025 |
| CRITICAL | CVE-2024-11041 | vllm: RCE via unsafe pickle deserialization in MessageQueue | 9.8 | Mar 20, 2025 |
| CRITICAL | CVE-2025-29783 | vLLM: RCE via unsafe deserialization in Mooncake KV | 9.0 | Mar 19, 2025 |
| MEDIUM | CVE-2025-29770 | vLLM: DoS via unbounded grammar cache exhausts disk | 6.5 | Mar 19, 2025 |
| LOW | CVE-2025-25183 | vLLM: hash collision enables prefix cache poisoning | 2.6 | Feb 7, 2025 |
| HIGH | CVE-2025-24357 | vLLM: unsafe deserialization RCE via model loading | 8.8 | Jan 27, 2025 |

Showing 51–75 of 75

Frequently asked questions

What is vLLM?

vLLM is an AI/ML LLM inference package in the pip ecosystem, tracked by AI Threat Alert for security vulnerabilities.

How many known vulnerabilities does vLLM have?

vLLM has 75 known CVEs, 11 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is vLLM distributed in?

vLLM is distributed via the pip ecosystem and categorized as LLM inference.

Where does the vLLM vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of vLLM?

Review each CVE listed on this page. Every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.
