PYSEC-2025-54
vLLM is an inference and serving engine for large language models (LLMs). In versions 0.8.0 up to but excluding 0.9.0, hitting the /v1/completions API with an invalid jsonschema as a Guided Param kills the vllm server. This vulnerability is similar to GHSA-9hcf-v7m4-6m2j/CVE-2025-48943, but for regex...
PYSEC-2025-50
vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression Denial of Service (ReDoS) vulnerability in the file vllm/entrypoints/openai/toolparsers/pythonictoolparser.py of versions 0.6.4 up to but excluding 0.9.0. The root cause is the use of a highly complex and...
vLLM security vulnerability
vLLM is a high-throughput, memory-efficient inference and serving engine for LLMs from the vLLM open-source project. A security vulnerability exists in vLLM versions prior to 0.6.4 through 0.9.0 that stems from a complex regular expression used in tool call detection that could lead to a regular...
vLLM input validation error vulnerability
vLLM is a high-throughput, memory-efficient inference and serving engine for LLMs from the vLLM open-source project. An input validation error vulnerability exists in vLLM versions prior to 0.8.0 through 0.9.0, which stems from accidental or malformed inputs in the pattern and type fields that are not...
Merge Hijacking: Backdoor Attacks to Model Merging of Large Language Models
Model merging for Large Language Models (LLMs) directly fuses the parameters of different models fine-tuned on various tasks, creating a unified model for multi-domain tasks. However, due to potential vulnerabilities in models available on open-source platforms, model merging is susceptible to...
Incomplete Comparison with Missing Factors
Overview: vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Incomplete Comparison with Missing Factors due to the implementation of image hashing in hasher.py. An attacker can achieve hash collisions and...
Red-Teaming Text-To-Image Systems by Rule-Based Preference Modeling
Text-to-image (T2I) models raise ethical and safety concerns due to their potential to generate inappropriate or harmful images. Evaluating these models' security through red-teaming is vital, yet white-box approaches are limited by their need for internal access, complicating their use with...
JavaSith: a Client-Side Framework for Analyzing Potentially Malicious Extensions in Browsers, VS Code, and NPM Packages
Modern software supply chains face an increasing threat from malicious code hidden in trusted components such as browser extensions, IDE extensions, and open-source packages. This paper introduces JavaSith, a novel client-side framework for analyzing potentially malicious extensions in web...
The Feasibility of Topic-Based Watermarking on Academic Peer Reviews
Large language models (LLMs) are increasingly integrated into academic workflows, with many conferences and journals permitting their use for tasks such as language refinement and literature summarization. However, their use in peer review remains prohibited due to concerns around confidentiality...
Exemplifying Emerging Phishing: QR-Based Browser-In-The-Browser (BiTB) Attack
Lately, cybercriminals constantly formulate productive approaches to exploit individuals. This article exemplifies an innovative attack, namely QR-based Browser-in-The-Browser (BiTB), using the capabilities of a Large Language Model (LLM), i.e. Google Gemini. The presented attack is a fusion of two emergin...
Benchmarking Poisoning Attacks against Retrieval-Augmented Generation
Retrieval-Augmented Generation (RAG) has proven effective in mitigating hallucinations in large language models by incorporating external knowledge during inference. However, this integration introduces new security vulnerabilities, particularly to poisoning attacks. Although prior work has explore...
CVE-2024-3102
A JSON Injection vulnerability exists in the mintplex-labs/anything-llm application, specifically within the username parameter during the login process at the /api/request-token endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks...
CVE-2024-56516
free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format. In versions up to and including 1.0.1, MD5 is used to hash passwords before sending them to the backend. MD5 is a cryptographically broken hashing algorithm and is no...
An Attack to Break Permutation-Based Private Third-Party Inference Schemes for LLMs
Recent advances in Large Language Models (LLMs) have led to the widespread adoption of third-party inference services, raising critical privacy concerns. Existing methods of performing private third-party inference, such as Secure Multiparty Computation (SMPC), often rely on cryptographic methods...
A Critical Evaluation of Defenses against Prompt Injection Attacks
Large Language Models (LLMs) are vulnerable to prompt injection attacks, and several defenses have recently been proposed, often claiming to mitigate these attacks successfully. However, we argue that existing studies lack a principled approach to evaluating these defenses. In this paper, we argue...
An End-To-End Model for Logits Based Large Language Models Watermarking
The rise of LLMs has increased concerns over source tracing and copyright protection for AIGC, highlighting the need for advanced detection technologies. Passive detection methods usually face high false positives, while active watermarking techniques using logits or sampling manipulation offer...
Securing RAG: a Risk Assessment and Mitigation Framework
Retrieval Augmented Generation (RAG) has emerged as the de facto industry standard for user-facing NLP applications, offering the ability to integrate data without re-training or fine-tuning Large Language Models (LLMs). This capability enhances the quality and accuracy of responses but also introduc...
Alignment under Pressure: the Case for Informed Adversaries When Evaluating LLM Defenses
Large language models (LLMs) are rapidly deployed in real-world applications ranging from chatbots to agentic systems. Alignment is one of the main approaches used to defend against attacks such as prompt injection and jailbreaks. Recent defenses report near-zero Attack Success Rates (ASR) even again...
From Nuclear Safety to LLM Security: Applying Non-Probabilistic Risk Management Strategies to Build Safe and Secure LLM-Powered Systems
Large language models (LLMs) offer unprecedented and growing capabilities, but also introduce complex safety and security challenges that resist conventional risk management. While conventional probabilistic risk analysis (PRA) requires exhaustive risk enumeration and quantification, the novelty and...
vLLM code issue vulnerability
vLLM is a high-throughput, memory-efficient inference and serving engine for LLMs from the vLLM open-source project. A code issue vulnerability exists in vLLM versions 0.6.5 through 0.8.4, which stems from PyNcclPipe KV cache transfers not properly limiting the scope of TCPStore interface access...