All 45 CVE vulnerabilities found in vLLM, with AI-generated Chinese analysis, references, and POCs.
This page provides a comprehensive aggregation of Common Weakness Enumerations (CWE) related to the vLLM open-source large language model inference engine, managed by the vLLM development community. It collects security vulnerabilities affecting this specific product, covering incidents from its initial release through to the most recently disclosed issues. By accessing this resource, users can track vendor advisories issued by the vLLM team, understand the specific characteristics and risk profiles of the weakness classes present in the software, and look up the product’s historical vulnerability data to assess long-term security trends.
The vLLM project, widely used for high-throughput and memory-efficient LLM serving, requires rigorous monitoring due to its complex architecture involving kernel optimizations and custom memory management systems. Flaws in these components can lead to severe security implications, including arbitrary code execution, denial of service, and information disclosure.
This collection serves as a central reference point for security researchers, system administrators, and developers who rely on vLLM in production environments. It aims to facilitate transparency by consolidating disparate reports into a single, accessible format. Understanding these vulnerabilities is critical for applying appropriate patches and configuring the inference engine securely. The data presented here is derived from official release notes, community reports, and automated scanning results, ensuring a holistic view of the threat landscape associated with this specific implementation. Users are encouraged to review these entries to inform their risk assessment and mitigation strategies.
Vendor: vllm-project
All 45 known CVE vulnerabilities affecting vLLM with full Chinese analysis, references, and POCs where available.