5 matches found
Server-side Request Forgery (SSRF)
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via inconsistent URL parsing between the validation layer and the HTTP client in the loadfromurl and loadfromurlasy...
GHSA-GGPF-24JW-3FCW vulnerabilities
Vulnerabilities for packages: tritonserver-backend-vllm...
Regular Expression Denial of Service (ReDoS)
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in multiple locations in the code. An attacker can cause a denial of service by supplying specially craft...
Regular Expression Denial of Service (ReDoS)
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS through the pythonictoolparser.py. An attacker can cause severe performance degradation or make the servi...
CVE-2025-25183
A flaw was found in the vllm package. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. The impact of a collision would be using a cache that was generated using different content...