pypi:vllmThis dossier links the stable identity pypi:vllm to 3 exact observed versions across 3 public repositories.
A package identity or provider interface in published code does not prove configuration, an account, procurement, data transfer or an API call.
ecosystem:name + exact version + evidence pathPublication age and licenses come from deps.dev metadata. They are context—not a maintenance, legal or portability verdict.
03 May 202521 Aug 202504 Oct 2025uba-ki-lab/coding-agent-usage-simulationuv.lockuba-ki-lab/llm-questionnaire-benchmarking-frameworkuv.lockuba-ki-lab/llm-testframeworkuv.lockvLLM affected by RCE via auto_map dynamic module loading during model initialization
17 Jul 2026vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class
07 Jul 2026vLLM: Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server
17 Jul 2026vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors
17 Jul 2026Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching
04 Feb 2026vLLM has RCE In Video Processing
17 Jul 2026vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving
17 Jul 2026vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`
17 Jul 2026vLLM: Processing differential in multi-channel audio downmixing enables hidden-input/moderation bypass for audio models
17 Jul 2026vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server
07 Jul 2026vLLM: OOM Denial of Service via Audio Decompression Bomb
17 Jul 2026vLLM DOS: Remotely kill vllm over http with invalid JSON schema
04 Feb 2026vLLM has Hardcoded Trust Override in Model Files Enables RCE Despite Explicit User Opt-Out
17 Jul 2026vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels
17 Jul 2026vLLM vulnerable to remote code execution via transformers_utils/get_config
17 Jul 2026vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations
17 Jul 2026vLLM: OpenAI auth bypass
17 Jul 2026vllm has Improper Resource Shutdown or Release
13 Jul 2026vLLM allows clients to crash the openai server with invalid regex
04 Feb 2026Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration
17 Jul 2026vLLM has a Weakness in MultiModalHasher Image Hashing Implementation
04 Feb 2026vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions
08 Jun 2026vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router
13 Jul 2026vLLM Vulnerable to Remote DoS via Special-Token Placeholders
17 Jul 2026vLLM vulnerable to Regular Expression Denial of Service
08 Jul 2026vLLM introduced enhanced protection for CVE-2025-62164
27 Jun 2026vLLM deserialization vulnerability leading to DoS and potential RCE
17 Jul 2026vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs
17 Jul 2026vLLM: Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing
17 Jul 2026vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution
17 Jul 2026vLLM vulnerable to Server-Side Request Forgery (SSRF) through MediaConnector
17 Jul 2026vLLM: ReDoS via structured_outputs.regex compiled without timeout in xgrammar and outlines backends
17 Jul 2026vllm API endpoints vulnerable to Denial of Service Attacks
17 Jul 2026vLLM Tool Schema allows DoS via Malformed pattern and type Fields
17 Jul 2026vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py`
10 Jun 2026vLLM is vulnerable to timing attack at bearer auth
17 Jul 2026vLLM makes Use of Uninitialized Resource
13 Jul 2026Not reported
26 Jun 2026Not reported
13 Jul 2026Only exact npm and PyPI tuples are enriched. Reported SPDX expressions are metadata; no compatibility, obligation or legal conclusion is inferred.
Retrieval, parsing, matching and publishing use no generative AI model.i6eal (2026): vLLM — exact AI dependency evidence dossier, data state 19 Jul 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/paket/vllm-571f04fc/
We build source-backed data products with stable identities, reproducible joins and boundaries that remain visible.
These tools complement the current result.