vllm 0.10.1 vulnerabilities

Known vulnerabilities in the vllm package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
H Deserialization of Untrusted Data vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the `convert_param_value` function in the `Qwen3CoderToolParser` class, which uses eval() function to parse tool call parameters. An attacker can execute arbitrary code on the server by supplying malicious input. Note: This is exploitable if tool calling is enabled, the `qwen3_coder` parser is specified, and the parameter type is not explicitly defined or recognized. How to fix Deserialization of Untrusted Data? Upgrade `vllm` to version 0.10.1.1 or higher.	[0.10.0,0.10.1.1)
H Allocation of Resources Without Limits or Throttling vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to an `HTTP GET` request with an extremely large header being sent. An attacker can exhaust server memory and cause a crash or unresponsiveness by sending such a request. The attack does not require authentication, making it exploitable by any remote user. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `vllm` to version 0.10.1.1 or higher.	[,0.10.1.1)
H Deserialization of Untrusted Data vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the `SUB` ZeroMQ socket, where the deserialization is performed using the unsafe `pickle` library. An attacker on the same cluster can execute arbitrary code on the remote machine by sending maliciously crafted deserialized payloads. Note The V0 engine is off by default since v0.8.0, and the V1 engine is not affected. Due to the V0 engine's deprecated status and the invasive nature of a fix, the developers recommend ensuring a secure network environment if the V0 engine with multi-host tensor parallelism is still in use. How to fix Deserialization of Untrusted Data? There is no fixed version for `vllm`.	[0.5.2,)
H Deserialization of Untrusted Data vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the `MessageQueue.dequeue()` API function. An attacker can execute arbitrary code by sending a malicious payload to the message queue. How to fix Deserialization of Untrusted Data? There is no fixed version for `vllm`.	[0,)

Vulnerability

Vulnerable Version

Deserialization of Untrusted Data

vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the convert_param_value function in the Qwen3CoderToolParser class, which uses eval() function to parse tool call parameters. An attacker can execute arbitrary code on the server by supplying malicious input.

Note: This is exploitable if tool calling is enabled, the qwen3_coder parser is specified, and the parameter type is not explicitly defined or recognized.

How to fix Deserialization of Untrusted Data?

Upgrade vllm to version 0.10.1.1 or higher.

[0.10.0,0.10.1.1)

Allocation of Resources Without Limits or Throttling

vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to an HTTP GET request with an extremely large header being sent. An attacker can exhaust server memory and cause a crash or unresponsiveness by sending such a request. The attack does not require authentication, making it exploitable by any remote user.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade vllm to version 0.10.1.1 or higher.

[,0.10.1.1)

Deserialization of Untrusted Data

vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the SUB ZeroMQ socket, where the deserialization is performed using the unsafe pickle library. An attacker on the same cluster can execute arbitrary code on the remote machine by sending maliciously crafted deserialized payloads.

Note The V0 engine is off by default since v0.8.0, and the V1 engine is not affected. Due to the V0 engine's deprecated status and the invasive nature of a fix, the developers recommend ensuring a secure network environment if the V0 engine with multi-host tensor parallelism is still in use.

How to fix Deserialization of Untrusted Data?

There is no fixed version for vllm.

[0.5.2,)

Deserialization of Untrusted Data

vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs

Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the MessageQueue.dequeue() API function. An attacker can execute arbitrary code by sending a malicious payload to the message queue.

How to fix Deserialization of Untrusted Data?

There is no fixed version for vllm.

[0,)

vllm@0.10.1 vulnerabilities

A high-throughput and memory-efficient inference and serving engine for LLMs

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities

How to fix?