GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,269
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,487
Swift
61
Unreviewed advisories
All unreviewed
5,000+
16 advisories
Filter by severity
vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations
Moderate
CVE-2026-12491
was published
for
vllm
(pip)
Jun 17, 2026
vLLM: Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing
Moderate
CVE-2026-34755
was published
for
vllm
(pip)
Apr 3, 2026
vLLM affected by RCE via auto_map dynamic module loading during model initialization
High
CVE-2026-22807
was published
for
vllm
(pip)
Jan 21, 2026
vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions
Moderate
CVE-2026-22773
was published
for
vllm
(pip)
Jan 13, 2026
vLLM vulnerable to remote code execution via transformers_utils/get_config
High
CVE-2025-66448
was published
for
vllm
(pip)
Dec 2, 2025
vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`
Moderate
CVE-2025-62426
was published
for
vllm
(pip)
Nov 20, 2025
vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs
High
CVE-2025-62372
was published
for
vllm
(pip)
Nov 20, 2025
vLLM deserialization vulnerability leading to DoS and potential RCE
High
CVE-2025-62164
was published
for
vllm
(pip)
Nov 20, 2025
vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class
High
CVE-2025-6242
was published
for
vllm
(pip)
Oct 7, 2025
vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server
Moderate
CVE-2025-61620
was published
for
vllm
(pip)
Oct 7, 2025
vLLM has a Weakness in MultiModalHasher Image Hashing Implementation
Moderate
CVE-2025-46722
was published
for
vllm
(pip)
May 28, 2025
Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching
Low
CVE-2025-46570
was published
for
vllm
(pip)
May 28, 2025
phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service
Moderate
CVE-2025-46560
was published
for
vllm
(pip)
Apr 29, 2025
ProTip!
Advisories are also available from the
GraphQL API