Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Loading
vLLM has SSRF Protection Bypass Moderate
CVE-2026-25960 was published for vllm (pip) Mar 9, 2026
RacerZ-fighting Credited to RacerZ-fighting, russellb, DarkLight1337, and Isotr0py russellb russellb
DarkLight1337 DarkLight1337 Isotr0py Isotr0py
vLLM has RCE In Video Processing Critical
CVE-2026-22778 was published for vllm (pip) Feb 2, 2026
dan-sec-ops Credited to dan-sec-ops, DarkLight1337, and russellb DarkLight1337 DarkLight1337
russellb russellb
vLLM affected by RCE via auto_map dynamic module loading during model initialization High
CVE-2026-22807 was published for vllm (pip) Jan 21, 2026
zaddy6 Credited to zaddy6, arthurgervais, DarkLight1337, and russellb arthurgervais arthurgervais
DarkLight1337 DarkLight1337 russellb russellb
vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions Moderate
CVE-2026-22773 was published for vllm (pip) Jan 13, 2026
oxcabe Credited to oxcabe, Isotr0py, and DarkLight1337 Isotr0py Isotr0py
DarkLight1337 DarkLight1337
vLLM vulnerable to remote code execution via transformers_utils/get_config High
CVE-2025-66448 was published for vllm (pip) Dec 2, 2025
Vancir Credited to Vancir, Isotr0py, DarkLight1337, and russellb Isotr0py Isotr0py
DarkLight1337 DarkLight1337 russellb russellb
vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs` Moderate
CVE-2025-62426 was published for vllm (pip) Nov 20, 2025
russellb Credited to russellb, Isotr0py, and DarkLight1337 Isotr0py Isotr0py
DarkLight1337 DarkLight1337
vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs High
CVE-2025-62372 was published for vllm (pip) Nov 20, 2025
DarkLight1337 Credited to DarkLight1337, ywang96, Isotr0py, and russellb ywang96 ywang96
Isotr0py Isotr0py russellb russellb
vLLM deserialization vulnerability leading to DoS and potential RCE High
CVE-2025-62164 was published for vllm (pip) Nov 20, 2025
omriaxion Credited to omriaxion, russellb, DarkLight1337, Isotr0py, ywang96, and davidatom russellb russellb
DarkLight1337 DarkLight1337 Isotr0py Isotr0py ywang96 ywang96 davidatom davidatom
vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class High
CVE-2025-6242 was published for vllm (pip) Oct 7, 2025
kexinoh Credited to kexinoh, d3do-23, lonelyuan, huachenheli, DarkLight1337, russellb, and sidhpurwala-huzaifa d3do-23 d3do-23
lonelyuan lonelyuan huachenheli huachenheli DarkLight1337 DarkLight1337 russellb russellb sidhpurwala-huzaifa sidhpurwala-huzaifa
vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server Moderate
CVE-2025-61620 was published for vllm (pip) Oct 7, 2025
key-moon Credited to key-moon, Ga-ryo, ota42y, Alnusjaponica, Isotr0py, and DarkLight1337 Ga-ryo Ga-ryo
ota42y ota42y Alnusjaponica Alnusjaponica Isotr0py Isotr0py DarkLight1337 DarkLight1337
vLLM has a Weakness in MultiModalHasher Image Hashing Implementation Moderate
CVE-2025-46722 was published for vllm (pip) May 28, 2025
kexinoh Credited to kexinoh, DarkLight1337, and russellb DarkLight1337 DarkLight1337
russellb russellb
Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching Low
CVE-2025-46570 was published for vllm (pip) May 28, 2025
russellb Credited to russellb, dr75, and DarkLight1337 dr75 dr75
DarkLight1337 DarkLight1337
phi4mm: Quadratic Time Complexity in Input Token Processing​ leads to denial of service Moderate
CVE-2025-46560 was published for vllm (pip) Apr 29, 2025
kexinoh Credited to kexinoh, d3do-23, lonelyuan, russellb, DarkLight1337, and Isotr0py d3do-23 d3do-23
lonelyuan lonelyuan russellb russellb DarkLight1337 DarkLight1337 Isotr0py Isotr0py
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database