10 matches found
EUVD-2025-15950
Malicious code in bioql PyPI...
CVE-2025-47277
vLLM, an inference and serving engine for large language models LLMs, has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the PyNcclPipe KV cache transfer integration with the V0 engine. No other configurations are affected. vLLM supports the use of...
GHSA-HJQ4-87XH-G4FV vLLM Allows Remote Code Execution via PyNcclPipe Communication Service
Impacted Environments This issue ONLY impacts environments using the PyNcclPipe KV cache transfer integration with the V0 engine. No other configurations are affected. Summary vLLM supports the use of the PyNcclPipe class to establish a peer-to-peer communication domain for data transmission...
vLLM Allows Remote Code Execution via PyNcclPipe Communication Service
Impacted Environments This issue ONLY impacts environments using the PyNcclPipe KV cache transfer integration with the V0 engine. No other configurations are affected. Summary vLLM supports the use of the PyNcclPipe class to establish a peer-to-peer communication domain for data transmission...
Deserialization of Untrusted Data
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the PyNcclPipe service if it is in use with the V0 engine. An attacker can execute arbitrary code on the...
CVE-2025-47277 vLLM Allows Remote Code Execution via PyNcclPipe Communication Service
vLLM, an inference and serving engine for large language models LLMs, has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the PyNcclPipe KV cache transfer integration with the V0 engine. No other configurations are affected. vLLM supports the use of...
CVE-2025-47277
vLLM (versions 0.6.5–0.8.4) is affected only when using the PyNcclPipe KV cache transfer integration with the V0 engine. The issue stems from the PyTorch TCPStore binding defaulting to ALL interfaces; a workaround constrained the store to a private interface, and as of version 0.8.5 vLLM now bind...
CVE-2025-47277 vLLM Allows Remote Code Execution via PyNcclPipe Communication Service
vLLM, an inference and serving engine for large language models LLMs, has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the PyNcclPipe KV cache transfer integration with the V0 engine. No other configurations are affected. vLLM supports the use of...
CVE-2025-47277 vLLM Allows Remote Code Execution via PyNcclPipe Communication Service
vLLM, an inference and serving engine for large language models LLMs, has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the PyNcclPipe KV cache transfer integration with the V0 engine. No other configurations are affected. vLLM supports the use of...
vLLM 代码问题漏洞
vLLM is a vLLM open source high throughput and memory efficient inference and service engine for LLM. A code issue vulnerability exists in vLLM versions 0.6.5 through 0.8.4, which stems from PyNcclPipe KV cache transfers not properly limiting the scope of TCPStore interface access...