vllm vulnerabilities

A high-throughput and memory-efficient inference and serving engine for LLMs

0.10.1.1

2 years ago

22 days ago

Known vulnerabilities in the vllm package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
H Deserialization of Untrusted Data	[0.10.0,0.10.1.1)
H Allocation of Resources Without Limits or Throttling	[,0.10.1.1)
M Regular Expression Denial of Service (ReDoS)	[0.6.3,0.9.0)
M Timing Attack	[,0.9.0)
H Improper Input Validation	[0.8.0,0.9.0)
M Incomplete Comparison with Missing Factors	[0.7.0,0.9.0)
H Uncaught Exception	[0.8.0,0.9.0)
M Regular Expression Denial of Service (ReDoS)	[0.6.4,0.9.0)
H Uncaught Exception	[0.8.0,0.9.0)
C Deserialization of Untrusted Data	[0.6.5,0.8.5)
H Deserialization of Untrusted Data	[0.5.2,)
H Inefficient Algorithmic Complexity	[0.8.0,0.8.5)
C Deserialization of Untrusted Data	[0.6.5,0.8.5)
M Binding to an Unrestricted IP Address	[0.5.2,0.8.5)
H Deserialization of Untrusted Data	[0,)
C Deserialization of Untrusted Data	[,0.6.2)
H Allocation of Resources Without Limits or Throttling	[,0.8.0)
C Deserialization of Untrusted Data	[0.6.5,0.8.0)
L Use of Weak Hash	[,0.7.2)
H Deserialization of Untrusted Data	[,0.7.0)
M Uncontrolled Resource Consumption ('Resource Exhaustion')	[,0.6.3)
H Improper Validation of Syntactic Correctness of Input	[,0.5.5)

65 VERSIONS IN TOTAL