Security: vllm-project/vllm
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- vLLM image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations (GHSA-8jr5-v98p-w75m), published Jun 11, 2026 by jperezdealgaba, severity: Moderate
- Remote code execution via transformers_utils/get_config (GHSA-8fr4-5q9j-m8gm), published Dec 1, 2025 by russellb, severity: High
- DoS with incorrect shape of multimodal embedding inputs (GHSA-pmqf-x6x8-p7qw), published Nov 20, 2025 by russellb, severity: Moderate
- prompt_embeds deserialization allows DoS and potential RCE (GHSA-mrw7-hf4f-83pf), published Nov 20, 2025 by russellb, severity: High
- DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs` (GHSA-69j4-grxj-j64p), published Nov 20, 2025 by russellb, severity: Moderate
- API key authentication vulnerable to timing attack (GHSA-wr9h-g72x-mwhm), published Oct 7, 2025 by russellb, severity: High
- Resource-Exhaustion (DoS) through chat_template / chat_template_kwargs in OpenAI-Compatible Server (GHSA-6fvq-23cw-5628), published Oct 7, 2025 by russellb, severity: Moderate
- Downmix Implementation Differences as Attack Vectors Against Audio AI Models (GHSA-6c4r-fmh3-7rh8), published Mar 30, 2026 by russellb, severity: Moderate
- Remote code execution in the vllm tool call parser for Qwen3-Coder (GHSA-79j6-g2m3-jgfw), published Aug 20, 2025 by russellb, severity: High
- Remote DoS via Special-Token Placeholders (GHSA-hpv8-x276-m59f), published Apr 27, 2026 by russellb, severity: Moderate