Lucene search
K

7 matches found

Github Security Blog
Github Security Blog
added 2026/06/10 5:11 p.m.10 views

vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors

Summary vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an...

6.5CVSS5.6AI score0.00146EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48537

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.22.0 Description vLLM is an inference and serving engine for large language models. The software contains a supply-chain integrity issue where revision pinning controls are not consistently applied to all artifacts...

6.5CVSS5.8AI score0.00146EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.14 views

PT-2026-38410

Name of the Vulnerable Software and Affected Versions Diffusers versions prior to 0.38.0 Description A bypass of the trust remote code security gate in the DiffusionPipeline.from pretrained function allows arbitrary remote code execution, even when trust remote code is set to False or left as...

8.8CVSS6.3AI score0.00865EPSS
Exploits1References9
OSV
OSV
added 2026/01/21 4:12 p.m.2 views

GHSA-2PC9-4J83-QJMR vLLM affected by RCE via auto_map dynamic module loading during model initialization

Summary vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path to execute at server startup. --- Impact An attacker who can influence the model repo/path local directory or remote...

8.8CVSS6AI score0.00737EPSS
Exploits1References6
OSV
OSV
added 2021/09/23 11:18 p.m.12 views

GHSA-XPWJ-7V8Q-MCGJ Deno's static imports inside dynamically imported modules do not adhere to permission checks

Impact Modules that are dynamically imported through import or new Worker might have been able to bypass network and file system permission checks when statically importing other modules. In Deno 1.5.x and 1.6.x only programs dynamically importing especially transitively untrusted code are...

9.8CVSS9.8AI score0.01113EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2016/10/12 12:0 a.m.35 views

openSUSE Security Update : nodejs (openSUSE-2016-1172)

This update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues : - Nodejs embedded openssl version update + upgrade to 1.0.2j CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052 + remove support for dynamic 3rd party engine modules - http:...

9.3CVSS7.4AI score0.95707EPSS
Exploits8References10
Tenable Nessus
Tenable Nessus
added 2013/01/25 12:0 a.m.28 views

SuSE 11.1 Security Update : net-snmp (SAT Patch Number 6517)

This update to net-snmp resolves the following issues : - Specially crafted SNMP GET requests could cause a denial of service application crash via a heap-based out-out-bounds read flaw which could be exploited remotely. CVE-2012-2141 - The snmpd agent should read shared memory information from...

3.5CVSS7.9AI score0.02167EPSS
Exploits0References6
Rows per page
Query Builder