vllm-project/vllm vulnerabilities
4 known vulnerabilities affecting vllm-project/vllm.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2
Vulnerabilities
CVE-2024-11041 | P2 | CRITICAL | CVSS 9.8 | affected: ≥ unspecified, ≤ latest | published 2025-03-20
CVE-2024-11041 [CRITICAL] CWE-502
vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue() API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue, causing the victim's machine to execute arbitrary
Source: nvd
CVE-2024-9053 | P2 | CRITICAL | CVSS 9.8 | affected: ≥ unspecified, ≤ latest | published 2025-03-20
CVE-2024-9053 [CRITICAL] CWE-502
vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints. The core functionality run_server_loop() calls the function _make_handler_coro(), which directly uses cloudpickle.loads() on received messages without any sanitization. This can result in remote code execution by deserializing malicious pic
Source: nvd
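Both CVE-2024-11041 and CVE-2024-9053 are the same class of bug: a pickle or cloudpickle stream read off a socket is handed straight to loads(), and pickle's REDUCE opcode lets the sender name any importable callable to invoke during deserialization. The following is an added example written for this page, not vLLM's MessageQueue or RPC server code: it builds a constructed attacker payload whose gadget calls the harmless os.getpid (a real payload would name os.system or subprocess.Popen), shows that plain pickle.loads runs it, and shows a restricted Unpickler whose find_class only resolves an allow-list of expected globals. The allow-list contents and the demo() helper are assumptions for the example.

```python
"""Added example: why pickle.loads on network data is remote code execution,
and a restricted unpickler that refuses unexpected callables.
Illustrative code, not vLLM's MessageQueue or AsyncEngineRPCServer."""
import io
import os
import pickle
from collections import OrderedDict


class Gadget:
    # A pickle "gadget": __reduce__ tells the unpickler to call os.getpid()
    # when the object is rebuilt. An attacker substitutes os.system,
    # subprocess.Popen, builtins.eval, etc. os.getpid is used here because
    # it is harmless and its return value proves the call happened.
    def __reduce__(self):
        return (os.getpid, ())


def build_malicious_payload() -> bytes:
    """Constructed attacker payload: the bytes an attacker would push at the queue."""
    return pickle.dumps(Gadget())


def unsafe_dequeue(payload: bytes):
    """The pattern the two advisories describe: deserialize whatever arrived."""
    return pickle.loads(payload)


# Assumed allow-list of (module, name) globals the receiver legitimately expects.
# Anything else (posix.getpid, os.system, builtins.eval, ...) is refused.
ALLOWED_GLOBALS = {
    ("builtins", "dict"),
    ("builtins", "list"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that only resolves globals on the allow-list."""

    def find_class(self, module: str, name: str):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to load global {module}.{name}")


def safe_dequeue(payload: bytes):
    """Deserialize with the restricted unpickler instead of pickle.loads."""
    return RestrictedUnpickler(io.BytesIO(payload)).load()


def demo() -> dict:
    """Run the payload through both paths and report what happened."""
    payload = build_malicious_payload()
    # pickle.loads invokes os.getpid() while rebuilding the object.
    unsafe_result = unsafe_dequeue(payload)
    try:
        safe_dequeue(payload)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    # A benign message that references an allow-listed global still loads.
    benign = safe_dequeue(pickle.dumps(OrderedDict(prompt="hi", max_tokens=8)))
    return {
        "unsafe_ran_gadget": unsafe_result == os.getpid(),
        "restricted_blocked": blocked,
        "benign": benign,
    }


if __name__ == "__main__":
    print(demo())
```

An allow-list on find_class only narrows what a pickle can name; the underlying fix for an RPC boundary is to not accept pickle from untrusted peers at all (a schema-bound format such as JSON or msgpack, plus authentication on the socket). cloudpickle payloads can also carry code objects directly, so the same restriction applies to cloudpickle.loads.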
CVE-2025-66448 | P3 | HIGH | CVSS 8.8 | affected: ≥ unspecified, ≤ latest | published 2025-12-01
CVE-2025-66448 [HIGH] CWE-94
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named Nemotron_Nano_VL_Config. When vllm loads a model config that contains an auto_map entry, the config class resolves that mapping with get_class_from_dynamic_module(...) and immediately instant
Source: nvd
CVE-2026-5497 | P3 | HIGH | CVSS 7.5 | affected: ≥ unspecified, < 0.19.0 | published 2026-06-11
CVE-2026-5497 [HIGH] CWE-400
vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame count processing in the `VideoMediaIO.load_base64()` method. When processing `video/jpeg` data URLs, the method splits the base64 data string on commas to extract individual JPEG frames without enforcing a frame count limit. An at
Source: nvd
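The CVE-2026-5497 description is a resource-limit bug: the number of frames, and therefore the number of decoded images held in memory, is whatever count of commas the client chose to send. The following is an added example, not vLLM's VideoMediaIO code: it models the split-on-comma loader the advisory describes beside a bounded version that counts separators before allocating anything per frame, rejects empty fields, and validates the base64. The exact data URL layout (`data:video/jpeg;base64,<frame>,<frame>,...`), the limit value, and the stand-in frame bytes are assumptions for the example.

```python
"""Added example: bounding the frame count when splitting a comma-separated
base64 video data URL. Illustrative code, not vLLM's VideoMediaIO.load_base64()."""
import base64

# Assumed policy value for this example; derive it from the memory budget of
# your deployment (frames x decoded frame size must fit alongside the model).
DEFAULT_MAX_FRAMES = 32

# Constructed stand-in frame: just the JPEG SOI and EOI markers. A real loader
# would hand each decoded field to an image library next, which is where the
# per-frame memory cost appears.
_FRAME = b"\xff\xd8\xff\xd9"


def make_video_jpeg_data_url(num_frames: int) -> str:
    """Build the client-controlled input: one base64 frame per comma-separated field."""
    frame_b64 = base64.b64encode(_FRAME).decode("ascii")
    return "data:video/jpeg;base64," + ",".join([frame_b64] * num_frames)


def load_frames_unbounded(data_url: str) -> list[bytes]:
    """The pattern the advisory describes: split on commas, decode every field."""
    _header, _, body = data_url.partition(",")
    return [base64.b64decode(field) for field in body.split(",")]


def load_frames_bounded(data_url: str, max_frames: int = DEFAULT_MAX_FRAMES) -> list[bytes]:
    """Hardened variant: enforce a frame limit before any per-frame allocation."""
    header, sep, body = data_url.partition(",")
    if header != "data:video/jpeg;base64" or not sep:
        raise ValueError("expected a data:video/jpeg;base64 URL")
    # Counting separators is a single linear scan over a string that is already
    # in memory; split() and decode would allocate a new object per frame.
    num_frames = body.count(",") + 1
    if num_frames > max_frames:
        raise ValueError(f"refusing {num_frames} frames (limit {max_frames})")
    frames = []
    for field in body.split(","):
        if not field:
            raise ValueError("empty frame field")
        # validate=True rejects characters outside the base64 alphabet instead
        # of silently discarding them.
        frames.append(base64.b64decode(field, validate=True))
    return frames


def is_accepted(data_url: str, max_frames: int = DEFAULT_MAX_FRAMES) -> bool:
    """True if the bounded loader accepts the URL, False if it rejects it."""
    try:
        load_frames_bounded(data_url, max_frames)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(len(load_frames_unbounded(make_video_jpeg_data_url(1000))))
    print(is_accepted(make_video_jpeg_data_url(1000)))
```

The frame limit only bounds the count; the overall request body size still needs its own cap at the HTTP layer, otherwise a single enormous frame achieves the same effect through a different parameter.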