1079 matches found
GHSA-6V7P-G79W-8964 vulnerabilities
Vulnerabilities for packages: openstack-placement-2025.2-fips, dbt-bigquery, openstack-horizon-2025.2-fips, openstack-tempest-2026.1, request-1276, openstack-glance-2025.1-fips, azure-functions-host, mitmproxy, openstack-placement-2025.1-fips, pypy-3.11, openstack-placement-2026.1,...
GHSA-4XGF-CPJX-PC3J vulnerabilities
Vulnerabilities for packages: lmcache-cuda-12.8, azureml-inference-server-http-fips, tritonserver-backend-vllm-cuda-13.0, prefect, airflow-postgres-fips, azureml-inference-server-http, vllm-cuda-13.2, vllm-openai-cuda-13.0, airflow-core, semgrep, prefect-fips, open-webui, mcp-atlassian, litellm,...
CVE-2026-54235
vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, ll temperature validation gates use comparison operators , which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagat...
CVE-2026-54235 vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels
vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, ll temperature validation gates use comparison operators , which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagat...
GHSA-M6QW-4CW2-HM4M vulnerabilities
Vulnerabilities for packages: py3-vllm-cuda-12.9, py3.13-scanner-test-libraries-aiohttp, py3-vllm-cuda-13.0, py3-vllm-cuda-12.4, tritonserver-backend-vllm-cuda-12.9...
CVE-2026-50269 vulnerabilities
Vulnerabilities for packages: py3-vllm-cuda-12.9, py3.13-scanner-test-libraries-aiohttp, py3-vllm-cuda-13.0, py3-vllm-cuda-12.4, tritonserver-backend-vllm-cuda-12.9...
vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving
Summary Integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels csrc/quantization/gguf/ggufkernel.cu causes partial tensor processing. The output tensor is allocated at full size via torch::empty uninitialized memory, but the dequantize CUDA kernel processes only a truncated...
GHSA-6JV3-5F52-599M vulnerabilities
Vulnerabilities for packages: airflow-postgres-fips, airflow-core, wazuh-manager, wazuh-manager-fips, litellm, tritonserver-backend-vllm-cuda-12.9, airflow...
CVE-2026-53540 vulnerabilities
Vulnerabilities for packages: airflow-postgres-fips, airflow-core, wazuh-manager, wazuh-manager-fips, litellm, tritonserver-backend-vllm-cuda-12.9, airflow...
GHSA-V9PG-7XVM-68HF vulnerabilities
Vulnerabilities for packages: airflow-postgres-fips, airflow-core, wazuh-manager, wazuh-manager-fips, litellm, tritonserver-backend-vllm-cuda-12.9, airflow...
CVE-2026-53537 vulnerabilities
Vulnerabilities for packages: airflow-postgres-fips, airflow-core, wazuh-manager, wazuh-manager-fips, litellm, tritonserver-backend-vllm-cuda-12.9, airflow...
CVE-2026-53539 vulnerabilities
Vulnerabilities for packages: airflow-postgres-fips, airflow-core, wazuh-manager, wazuh-manager-fips, litellm, tritonserver-backend-vllm-cuda-12.9, airflow...
GHSA-JP82-JPQV-5VV3 vulnerabilities
Vulnerabilities for packages: tritonserver-backend-vllm-cuda-13.0, nemo, prefect, airflow-postgres-fips, airflow-core, semgrep, mlflow, prefect-fips, mlflow-fips, litellm, tritonserver-backend-vllm-cuda-12.9, airflow...
CVE-2026-54282 vulnerabilities
Vulnerabilities for packages: tritonserver-backend-vllm-cuda-13.0, nemo, prefect, airflow-postgres-fips, airflow-core, semgrep, mlflow, prefect-fips, mlflow-fips, litellm, tritonserver-backend-vllm-cuda-12.9, airflow...
CVE-2026-54283 vulnerabilities
Vulnerabilities for packages: tritonserver-backend-vllm-cuda-13.0, nemo, prefect, airflow-postgres-fips, airflow-core, semgrep, mlflow, prefect-fips, mlflow-fips, litellm, tritonserver-backend-vllm-cuda-12.9, airflow...
GHSA-82W8-QH3P-5JFQ vulnerabilities
Vulnerabilities for packages: tritonserver-backend-vllm-cuda-13.0, nemo, prefect, airflow-postgres-fips, airflow-core, semgrep, mlflow, prefect-fips, mlflow-fips, litellm, tritonserver-backend-vllm-cuda-12.9, airflow...
CVE-2026-54277 vulnerabilities
Vulnerabilities for packages: request-1276, authentik, authentik-fips, py3-vllm-cuda-12.9, text-generation-inference, mlflow, open-webui, apache-beam-python-3.11-sdk, tritonserver-backend-vllm-cuda-12.9, awx, metaflow-service-fips, apache-beam-python-3.13-sdk, py3.13-scanner-test-libraries-aiohtt...
GHSA-HPJ7-WQ8M-9HGP vulnerabilities
Vulnerabilities for packages: request-1276, authentik, authentik-fips, py3-vllm-cuda-12.9, text-generation-inference, mlflow, open-webui, apache-beam-python-3.11-sdk, tritonserver-backend-vllm-cuda-12.9, awx, metaflow-service-fips, apache-beam-python-3.13-sdk, py3.13-scanner-test-libraries-aiohtt...
GHSA-9X8Q-7H8H-WCW9 vulnerabilities
Vulnerabilities for packages: request-1276, authentik, authentik-fips, py3-vllm-cuda-12.9, text-generation-inference, mlflow, open-webui, apache-beam-python-3.11-sdk, tritonserver-backend-vllm-cuda-12.9, awx, metaflow-service-fips, apache-beam-python-3.13-sdk, py3.13-scanner-test-libraries-aiohtt...
GHSA-4FVR-RGM6-GQMC vulnerabilities
Vulnerabilities for packages: request-1276, authentik, authentik-fips, py3-vllm-cuda-12.9, text-generation-inference, mlflow, open-webui, apache-beam-python-3.11-sdk, tritonserver-backend-vllm-cuda-12.9, awx, metaflow-service-fips, apache-beam-python-3.13-sdk, py3.13-scanner-test-libraries-aiohtt...