Security Advisories · vllm-project/vllm · GitHub

Security Advisories

View known security vulnerabilities and report new vulnerabilities privately to maintainers.

Report a vulnerability

Denial of Service by abusing outlines unbounded cache on disk
GHSA-mgrm-fgjv-mhv8 published Mar 19, 2025 by russellb

Moderate
Remote Code Execution via Mooncake Integration
GHSA-x3m8-f7g5-qhm7 published Mar 19, 2025 by russellb

Critical
vLLM using built-in hash() from Python 3.12 leads to predictable hash collisions in vLLM prefix cache
GHSA-rm76-4mrf-v9r8 published Feb 6, 2025 by russellb

Low
Malicious model to RCE by torch.load in hf_model_weights_iterator
GHSA-rh4j-5rhw-hr54 published Jan 27, 2025 by russellb

High