huntr: vllm-project/vllm

vllm-project / vllm

A high-throughput and memory-efficient inference and serving engine for LLMs

Submit a report

FIRST INTERACTION

WITHIN34 DAYS

REVIEW

WITHIN35 DAYS

FIX

WITHINN/A DAYS

vllm-project

vLLM Server Unsafe Deserialization Leads to Arbitrary Code Execution

Mar 22nd 2025

racerz-fighting•

not applicable

vllm-project

Remote Code Execution in Insecure Pickle Deserialization via recv_obj() in class...

Feb 20th 2025

duplicate

Critical

vllm-project

vLLM Server Unsafe Deserialization Leads to Arbitrary Code Execution

Feb 1st 2025

informative

Critical

vllm-project

Remote Code Execution by Pickle Deserialization via MessageQueue.dequeue() Broad...

Dec 30th 2024

Critical

•$1500

Critical

•$1500•CVE-2024-11041

vllm-project

"POST /v1/completions" and "POST /v1/embeddings" Denials of Service

Dec 16th 2024

High

•$750

High

•$750•CVE-2024-11040

vllm-project

vllm has Cloudpickle deserializes arbitrary command execution

Dec 7th 2024

duplicate

Critical

vllm-project

Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC s...

Dec 6th 2024

Critical

•$1500

Critical

•$1500•CVE-2024-9053

vllm-project

Remote Code Execution by Pickle Deserialization via recv_object() distributed tr...

Dec 6th 2024

Critical

•$1500

Critical

•$1500•CVE-2024-9052

vllm-project

Command Injection in nccl_integrity_check function

Jun 12th 2024

informative

High

vllm-project

Malicious model to RCE by torch.load in hf_model_weights_iterator (as well as th...

May 28th 2024

informative

Critical

CRITICAL

$0

HIGH

$0

MEDIUM

$0

LOW

$0