Lucene search
K

5 matches found

Snyk
Snyk
added 2025/08/21 2:46 p.m.6 views

Deserialization of Untrusted Data

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the convertparamvalue function in the Qwen3CoderToolParser class, which uses eval function to parse tool call...

8.8CVSS7.8AI score0.04016EPSS
Exploits0References2
OSV
OSV
added 2025/08/21 2:46 p.m.5 views

GHSA-79J6-G2M3-JGFW vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder

Summary An unsafe deserialization vulnerability allows any authenticated user to execute arbitrary code on the server if they are able to get the model to pass the code as an argument to a tool call. Details vLLM's Qwen3 Coder tool parser contains a code execution path that uses Python's eval...

8.8CVSS8.4AI score0.04016EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/08/21 2:46 p.m.22 views

vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder

Summary An unsafe deserialization vulnerability allows any authenticated user to execute arbitrary code on the server if they are able to get the model to pass the code as an argument to a tool call. Details vLLM's Qwen3 Coder tool parser contains a code execution path that uses Python's eval...

8.4AI score0.04016EPSS
Exploits0References4Affected Software1
PyPA
PyPA
added 2025/05/30 6:15 p.m.14 views

PYSEC-2025-50

vLLM, an inference and serving engine for large language models LLMs, has a Regular Expression Denial of Service ReDoS vulnerability in the file vllm/entrypoints/openai/toolparsers/pythonictoolparser.py of versions 0.6.4 up to but excluding 0.9.0. The root cause is the use of a highly complex and...

6.5CVSS7AI score0.00426EPSS
Exploits1References6Affected Software1
Snyk
Snyk
added 2025/05/28 5:49 p.m.6 views

Regular Expression Denial of Service (ReDoS)

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS through the pythonictoolparser.py. An attacker can cause severe performance degradation or make the servi...

6.9CVSS6.8AI score0.00426EPSS
Exploits1References2
Rows per page
Query Builder