18 matches found
CVE-2026-55514
vLLM is a library for LLM inference and serving. From 0.12.0 to before 0.24.0, sending a pure prompt embeds payload in a /v1/completions request with a model using M-RoPE causes EngineCore to fail an assertion and fatally crash, shutting down the entire server application. Any remote user who is...
CVE-2026-55514
vLLM is a library for LLM inference and serving. From 0.12.0 to before 0.24.0, sending a pure prompt embeds payload in a /v1/completions request with a model using M-RoPE causes EngineCore to fail an assertion and fatally crash, shutting down the entire server application. Any remote user who is...
CVE-2026-55514
CVE-2026-55514 affects the vLLM library (inference/serving) from versions 0.12.0 through older than 0.24.0. Sending a pure prompt embeds payload in a /v1/completions request for a model using M-RoPE triggers an EngineCore assertion, causing a fatal crash that shuts down the entire server applicat...
PYSEC-2026-387 LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint
BerriAI/litellm is vulnerable to Server-Side Template Injection SSTI via the /completions endpoint. The vulnerability arises from the hfchattemplate method processing the chattemplate parameter from the tokenizerconfig.json file through the Jinja template engine without proper sanitization...
CVE-2026-45349
Open WebUI had a broken access control issue for the completions API ( /api/chat/completions ) allowing a user to continue another user’s conversation if they knew the other user’s Chat ID. This privacy/policy bypass could expose private conversations. The issue affects prior to version 0.9.0 and...
GHSA-GFM2-XM6C-37QC Open WebUI has Broken Access Control for Completions API
Summary Any user X can continue the conversation of any other user Y, as long as the Chat ID of Y is known. User X does not even need to be an admin to do so. Details A user just needs to use the API endpoint: /api/chat/completions with their own API key generated in OWUI and the Chat ID of anoth...
QuantumNous/new-api has an SSRF Filter Bypass via 0.0.0.0
SSRF Filter Bypass via 0.0.0.0 Summary The SSRF protection introduced in v0.9.0.5 CVE-2025-59146 and hardened in v0.9.6 CVE-2025-62155 does not block the unspecified address 0.0.0.0. A regular non-admin user holding any valid API token can send a multimodal request to /v1/chat/completions,...
CVE-2025-62426
A vulnerability in vLLM allows an authenticated user to trigger unintended tokenization during chat template processing by supplying crafted chattemplatekwargs to the /v1/chat/completions or /tokenize endpoints. By forcing the server to tokenize very large inputs, an attacker can block the API...
CVE-2025-62164 VLLM deserialization vulnerability leading to DoS and potential RCE
vLLM is an inference and serving engine for large language models LLMs. From versions 0.10.2 to before 0.11.1, a memory corruption vulnerability could lead to a crash denial-of-service and potentially remote code execution RCE, exists in the Completions API endpoint. When processing user-supplied...
CVE-2025-62164 VLLM deserialization vulnerability leading to DoS and potential RCE
vLLM is an inference and serving engine for large language models LLMs. From versions 0.10.2 to before 0.11.1, a memory corruption vulnerability could lead to a crash denial-of-service and potentially remote code execution RCE, exists in the Completions API endpoint. When processing user-supplied...
GHSA-MRW7-HF4F-83PF vLLM deserialization vulnerability leading to DoS and potential RCE
Summary A memory corruption vulnerability that leading to a crash denial-of-service and potentially remote code execution RCE exists in vLLM versions 0.10.2 and later, in the Completions API endpoint. When processing user-supplied prompt embeddings, the endpoint loads serialized tensors using...
PT-2025-47648
Name of the Vulnerable Software and Affected Versions vLLM versions 0.10.2 through 0.11.0 Description vLLM is an inference and serving engine for large language models LLMs. A memory corruption issue exists in the Completions API endpoint, specifically when processing user-supplied prompt...
EUVD-2024-1088
Malicious code in bioql PyPI...
SQL Injection
Overview airda is an airda Affected versions of this package are vulnerable to SQL Injection via the execute function in the /v1/chat/completions file when processing the question argument. An attacker can access or modify sensitive data, or disrupt application functionality by sending crafted...
vLLM 安全漏洞
vLLM is a high throughput and memory efficient inference and service engine for LLM from the vLLM open source. A security vulnerability exists in vLLM versions prior to 0.8.0 through 0.9.0, which stems from the use of an invalid jsonschema call to the /v1/completions API that could cause the serv...
GHSA-W2R7-9579-27HF vLLM denial of service vulnerability
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service...
CVE-2024-2952 Server-Side Template Injection in BerriAI/litellm
BerriAI/litellm is vulnerable to Server-Side Template Injection SSTI via the /completions endpoint. The vulnerability arises from the hfchattemplate method processing the chattemplate parameter from the tokenizerconfig.json file through the Jinja template engine without proper sanitization...
CVE-2024-2952
CVE-2024-2952 affects BerriAI/litellm. The vulnerability is an SSTI in the /completions endpoint: the hf_chat_template method processes the chat_template parameter from tokenizer_config.json using the Jinja template engine without proper sanitization, enabling attackers to craft malicious tokeniz...