Live data from GitHub and PyPI, updated daily.
Data last fetched: 2026-06-29
10 active CVEs reported via OSV.dev
vLLM affected by RCE via auto_map dynamic module loading during model initialization
vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class
vLLM: Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server
vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors
Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching
vLLM has RCE In Video Processing
vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving
vLLM Deserialization of Untrusted Data vulnerability
vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`
vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server
Get SLA-backed support, security patches, and direct access to senior engineers for vLLM — without relying on volunteer maintainers.