4 matches found
CVE-2026-47155
CVE-2026-47155 affects vLLM prior to 0.22.0. Description: revision pinning controls do not consistently apply to all artifacts loaded for a model, enabling loading of dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an unpinned/d...
Snorkel MultitaskClassifier.load uses an unsafe torch.load
The snorkel library through v0.10.0 contains an insecure deserialization vulnerability (CWE-502) in the MultitaskClassifier.load method of the MultitaskClassifier class. The method loads model weight files using torch.load without enabling the security-restrictive weights_only=True parameter. This...
EUVD-2025-27190
Malicious code in bioql PyPI...
PT-2025-5340 · Vllm · Vllm
Name of the Vulnerable Software and Affected Versions: vLLM versions prior to 0.7.0 Description: The issue concerns the vLLM library, specifically the vllm/model_executor/weight_utils.py file, which implements hf_model_weights_iterator to load model checkpoints downloaded from Hugging Face. It...