Lucene search
K

4 matches found

CVE
CVE
added 2026/06/11 8:31 a.m.64 views

CVE-2026-5497

CVE-2026-5497 affects vLLM 0.8.0 and later, where VideoMediaIO.load_base64() can perform unbounded frame processing for video/jpeg data URLs, leading to an Out-of-Memory DoS. An attacker can craft a single API request with thousands of comma-separated base64 JPEG frames, causing the server to dec...

7.5CVSS5.5AI score0.00543EPSS
Exploits1References7Affected Software1
EUVD
EUVD
added 2026/04/06 3:40 p.m.8 views

EUVD-2026-19351

vLLM is an inference and serving engine for large language models LLMs. From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionReques...

6.5CVSS5.9AI score0.0033EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/04/15 9:21 p.m.170 views

vLLM vulnerable to Denial of Service by abusing xgrammar cache

Impact This report is to highlight a vulnerability in XGrammar, a library used by the structured output feature in vLLM. The XGrammar advisory is here: https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-389x-67px-mjg3 The xgrammar library is the default backend used by vLLM to support...

6.8AI score
Exploits0References5Affected Software1
OSV
OSV
added 2025/03/19 4:15 p.m.7 views

PYSEC-2025-223

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. The outlines library is one of the backends used by vLLM to support structured output a.k.a. guided decoding. Outlines provides an optional cache for its compiled grammars on the local filesystem. This cache has...

6.5CVSS6.6AI score0.00421EPSS
Exploits0References3
Rows per page
Query Builder