Security Advisories · vllm-project/vllm · GitHub

Security Advisories

View known security vulnerabilities and report new vulnerabilities privately to maintainers.

Report a vulnerability

A series of simple Redos in vllm.
GHSA-j828-28rj-hfhp published May 28, 2025 by russellb

Moderate
clients can crash the openai server with invalid regex
GHSA-9hcf-v7m4-6m2j published May 28, 2025 by russellb

Moderate
Weakness in MultiModalHasher Image/video Hashing Implementation in vLLM
GHSA-c65p-x677-fgj6 published May 28, 2025 by russellb

Moderate
Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py`
GHSA-w6q7-j642-7c25 published May 28, 2025 by russellb

Moderate
phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service
GHSA-vc6m-hm49-g9qg published Apr 29, 2025 by russellb

Moderate
Remote Code Execution via Mooncake Integration
GHSA-hj4w-hm2g-p6w5 published Apr 29, 2025 by russellb

Critical
DOS: Remotely kill vllm over http with invalid JSON schema
GHSA-6qc9-v4r8-22xg published May 28, 2025 by russellb

Moderate
Denial of Service via ZeroMQ on Multi-node vLLM Deployment
GHSA-9f8f-2vmf-885j published Apr 29, 2025 by russellb

High
Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration
GHSA-9pcc-gvx5-r5wm published May 6, 2025 by russellb

High
Denial of Service by abusing xgrammar cache
GHSA-hf3c-wxg2-49q9 published Apr 15, 2025 by russellb

Moderate