12 matches found
EUVD-2024-2882
Malicious code in bioql PyPI...
EUVD-2025-0192
Malicious code in bioql PyPI...
CVE-2025-24357
vLLM is a library for LLM inference and serving. vllm/modelexecutor/weightutils.py implements hfmodelweightsiterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function and the weightsonly parameter defaults to False. When torch.load loads malicious...
PYSEC-2025-58
vLLM is a library for LLM inference and serving. vllm/modelexecutor/weightutils.py implements hfmodelweightsiterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function and the weightsonly parameter defaults to False. When torch.load loads malicious...
CVE-2025-24357
The CVE-2025-24357 issue centers on vLLM’s hf_model_weights_iterator (vllm/model_executor/weight_utils.py) which loads checkpoints via torch.load with weights_only defaulting to False. If malicious pickle data is unpickled, arbitrary code could execute on the host. This vulnerability is highlight...
CVE-2025-24357 vLLM allows a malicious model RCE by torch.load in hf_model_weights_iterator
vLLM is a library for LLM inference and serving. vllm/modelexecutor/weightutils.py implements hfmodelweightsiterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function and the weightsonly parameter defaults to False. When torch.load loads malicious...
vLLM denial of service vulnerability
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service...
GHSA-W2R7-9579-27HF vLLM denial of service vulnerability
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service...
CVE-2024-8768
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service...
CVE-2024-8768
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service...
PT-2024-39237 · Unknown · Vllm Library
Name of the Vulnerable Software and Affected Versions: vLLM library affected versions not specified Description: A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service. Recommendations: At the moment,...
CVE-2024-8768
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service. Mitigation Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example...