Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/06/22 10:20 p.m.25 views

CVE-2026-47155 vLLM: Artifact Pin Decay in vLLM allows pinned deployments to load unpinned code, weights, and processors

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image...

6.5CVSS0.00146EPSS
Exploits0References4
CVE
CVE
added 2026/06/22 10:20 p.m.32 views

CVE-2026-47155

CVE-2026-47155 affects vLLM prior to 0.22.0. Description: revision pinning controls do not consistently apply to all artifacts loaded for a model, enabling loading of dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an unpinned/d...

6.5CVSS5.8AI score0.00146EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/10 5:11 p.m.10 views

vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors

Summary vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an...

6.5CVSS5.6AI score0.00146EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/10 5:11 p.m.9 views

GHSA-3WW4-5JV9-J5GM vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors

Summary vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an...

6.5CVSS5.6AI score0.00146EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.13 views

PT-2026-48537

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.22.0 Description vLLM is an inference and serving engine for large language models. The software contains a supply-chain integrity issue where revision pinning controls are not consistently applied to all artifacts...

6.5CVSS5.8AI score0.00146EPSS
Exploits0References13
BDU FSTEC
BDU FSTEC
added 2019/06/21 12:0 a.m.2 views

The vulnerability of the COM object dfact.dll in the MasterSCADA software package allows a hacker to trigger an emergency termination of the program.

The vulnerability of the COM object dfact.dll in the image processing method of the SetImage classes BmpImager, GifImager, AviImager, JpgImager in the MasterSCADA software package arises due to the use of a insecure memory allocation function on the stack allocaprobe16. Exploiting this...

3.7CVSS5.5AI score
Exploits0Affected Software1
Rows per page
Query Builder