vLLM Security Vulnerabilities (CVEs)

Track 18 security vulnerabilities affecting vLLM products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

5 Critical
7 High
6 Medium
CVE-2026-22778 9.8

This vulnerability in vLLM allows attackers to leak heap memory addresses by sending invalid images to the multimodal endpoint, which reduces ASLR ent...

Feb 2, 2026
CVE-2026-24779 7.1

A Server-Side Request Forgery (SSRF) vulnerability in vLLM's MediaConnector class allows attackers to bypass host restrictions and make the server sen...

Jan 27, 2026
CVE-2026-22807 8.8

This vulnerability allows arbitrary code execution on vLLM servers during model loading. Attackers who can influence the model repository or path (loc...

Jan 21, 2026
CVE-2026-22773 6.5

This vulnerability allows remote attackers to crash vLLM servers running multimodal models with Idefics3 vision implementation by sending a specially ...

Jan 10, 2026
CVE-2025-66448 7.1

This vulnerability in vLLM allows remote code execution when loading model configurations containing auto_map entries. Attackers can create a seemingl...

Dec 1, 2025
CVE-2025-62164 8.8

A memory corruption vulnerability in vLLM's Completions API endpoint allows attackers to send malicious prompt embeddings that bypass bounds checks an...

Nov 21, 2025
CVE-2025-62372 6.5

This vulnerability allows users to crash the vLLM inference engine by passing malformed multimodal embedding inputs with correct dimensionality but in...

Nov 21, 2025
CVE-2025-62426 6.5

This vulnerability in vLLM allows attackers to send specially crafted requests to the /v1/chat/completions and /tokenize endpoints that can block API ...

Nov 21, 2025
CVE-2025-48943 6.5

This CVE describes a Regular Expression Denial of Service (ReDoS) vulnerability in vLLM versions 0.8.0 through 0.9.0. Attackers can crash vLLM servers...

May 30, 2025
CVE-2025-46722 4.2

This vulnerability in vLLM's image hashing function allows hash collisions where different-sized images with identical pixel data produce the same has...

May 29, 2025
CVE-2025-47277 9.8

This vulnerability in vLLM versions 0.6.5 through 0.8.4 exposes the TCPStore interface on ALL network interfaces instead of only the specified private...

May 20, 2025
CVE-2025-30165 8.0

This vulnerability allows remote code execution in multi-node vLLM deployments using the V0 engine. Attackers can exploit unsafe pickle deserializatio...

May 6, 2025
CVE-2025-30202 7.5

CVE-2025-30202 exposes vLLM's internal state data and enables denial of service attacks in multi-node deployments. The vulnerability allows unauthoriz...

Apr 30, 2025
CVE-2025-32444 10.0

This vulnerability allows remote code execution on vLLM instances using mooncake integration via insecure pickle deserialization over ZeroMQ sockets. ...

Apr 30, 2025
CVE-2024-11041 9.8

CVE-2024-11041 is a critical remote code execution vulnerability in vLLM v0.6.2 where the MessageQueue.dequeue() function uses insecure pickle.loads()...

Mar 20, 2025
CVE-2025-29783 9.0

CVE-2025-29783 is a remote code execution vulnerability in vLLM when configured with Mooncake for distributed key-value storage. Attackers can exploit...

Mar 19, 2025
CVE-2025-29770 6.5

This vulnerability in vLLM's outlines library cache allows denial of service attacks. A malicious user can send numerous short decoding requests with ...

Mar 19, 2025
CVE-2025-24357 7.5

This vulnerability in vLLM allows remote code execution when loading malicious model checkpoints from Hugging Face. Attackers can execute arbitrary co...

Jan 27, 2025

Why Monitor vLLM Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 18+ known vulnerabilities affecting vLLM products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable vLLM packages in under 60 seconds. No agents are required: scanning is completely agentless and works across vLLM deployments.

Free vulnerability database: Access detailed information about every vLLM CVE, including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new vLLM CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions