12 matches found
EUVD-2024-2882
Malicious code in bioql PyPI...
EUVD-2025-0192
Malicious code in bioql PyPI...
CVE-2025-24357
vLLM is a library for LLM inference and serving. vllm/modelexecutor/weightutils.py implements hfmodelweightsiterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function and the weightsonly parameter defaults to False. When torch.load loads malicious...
PYSEC-2025-58
vLLM is a library for LLM inference and serving. vllm/modelexecutor/weightutils.py implements hfmodelweightsiterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function and the weightsonly parameter defaults to False. When torch.load loads malicious...
CVE-2025-24357
The CVE-2025-24357 issue centers on vLLM’s hf_model_weights_iterator (vllm/model_executor/weight_utils.py) which loads checkpoints via torch.load with weights_only defaulting to False. If malicious pickle data is unpickled, arbitrary code could execute on the host. This vulnerability is highlight...
CVE-2025-24357 vLLM allows a malicious model RCE by torch.load in hf_model_weights_iterator
vLLM is a library for LLM inference and serving. vllm/modelexecutor/weightutils.py implements hfmodelweightsiterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function and the weightsonly parameter defaults to False. When torch.load loads malicious...
GHSA-W2R7-9579-27HF vLLM denial of service vulnerability
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service...
vLLM denial of service vulnerability
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service...
CVE-2024-8768
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service...
CVE-2024-8768
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service...
PT-2024-39237 · Unknown · Vllm Library
Name of the Vulnerable Software and Affected Versions: vLLM library affected versions not specified Description: A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service. Recommendations: At the moment,...
CVE-2024-8768
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service. Mitigation Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example...