Lucene search
K

4 matches found

CVE
CVE
added 2026/06/22 10:20 p.m.33 views

CVE-2026-47155

CVE-2026-47155 affects vLLM prior to 0.22.0. Description: revision pinning controls do not consistently apply to all artifacts loaded for a model, enabling loading of dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an unpinned/d...

6.5CVSS5.8AI score0.00146EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/10 5:11 p.m.9 views

GHSA-3WW4-5JV9-J5GM vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors

Summary vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an...

6.5CVSS5.6AI score0.00146EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48537

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.22.0 Description vLLM is an inference and serving engine for large language models. The software contains a supply-chain integrity issue where revision pinning controls are not consistently applied to all artifacts...

6.5CVSS5.8AI score0.00146EPSS
Exploits0References13
Veracode
Veracode
added 2025/11/20 7:44 a.m.5 views

Race Condition

Argo CD is vulnerable to a race condition. The vulnerability is due to a flaw in the repository credentials handler that triggers a server panic during concurrent operations on the same repository URL, which allows an attacker to crash the Argo CD server...

6.5CVSS6.9AI score0.00441EPSS
Exploits0References6Affected Software3
Rows per page
Query Builder