Vllm-project

Vllm

18 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.2

CVE-2025-46722

  • EPSS 0.07%
  • Veröffentlicht 29.05.2025 16:36:12
  • Zuletzt bearbeitet 30.05.2025 16:31:03

vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its image hashing ...

2.6

CVE-2025-46570

  • EPSS 0.03%
  • Veröffentlicht 29.05.2025 16:32:42
  • Zuletzt bearbeitet 30.05.2025 16:31:03

vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the T...

9.8

CVE-2025-47277

Exploit
  • EPSS 0.35%
  • Veröffentlicht 20.05.2025 17:32:27
  • Zuletzt bearbeitet 13.08.2025 16:35:57

vLLM, an inference and serving engine for large language models (LLMs), has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the `PyNcclPipe` KV cache transfer integration with the V0 engine. No other configurations are a...

8

CVE-2025-30165

  • EPSS 0.48%
  • Veröffentlicht 06.05.2025 16:53:52
  • Zuletzt bearbeitet 31.07.2025 18:05:30

vLLM is an inference and serving engine for large language models. In a multi-node vLLM deployment using the V0 engine, vLLM uses ZeroMQ for some multi-node communication purposes. The secondary vLLM hosts open a `SUB` ZeroMQ socket and connect to an...

9.8

CVE-2025-32444

Exploit
  • EPSS 2.27%
  • Veröffentlicht 30.04.2025 00:25:00
  • Zuletzt bearbeitet 28.05.2025 19:12:58

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serializat...

7.5

CVE-2025-46560

Exploit
  • EPSS 0.11%
  • Veröffentlicht 30.04.2025 00:24:53
  • Zuletzt bearbeitet 28.05.2025 19:15:56

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.8.0 and prior to 0.8.5 are affected by a critical performance vulnerability in the input preprocessing logic of the multimodal tokenizer. T...

7.5

CVE-2025-30202

Exploit
  • EPSS 0.15%
  • Veröffentlicht 30.04.2025 00:24:45
  • Zuletzt bearbeitet 14.05.2025 19:59:42

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and prior to 0.8.5 are vulnerable to denial of service and data exposure via ZeroMQ on multi-node vLLM deployment. In a multi-node vLLM...

9.8

CVE-2024-9053

Exploit
  • EPSS 2.06%
  • Veröffentlicht 20.03.2025 10:09:33
  • Zuletzt bearbeitet 15.10.2025 13:15:57

vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints. The core functionality run_server_loop() calls the function _make_handler_coro(), which directly uses cloudpickle.loads() on received messa...