Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,758
Maven
5,000+
npm
4,364
NuGet
766
pip
4,132
Pub
12
RubyGems
961
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4 advisories

Loading
vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs` Moderate
CVE-2025-62426 was published for vllm (pip) Nov 20, 2025
russellb Isotr0py
DarkLight1337
Credited to russellb, Isotr0py, and DarkLight1337
vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server Moderate
CVE-2025-61620 was published for vllm (pip) Oct 7, 2025
key-moon Ga-ryo
ota42y Alnusjaponica Isotr0py DarkLight1337
Credited to key-moon, Ga-ryo, ota42y, Alnusjaponica, Isotr0py, and DarkLight1337
vLLM has a Weakness in MultiModalHasher Image Hashing Implementation Moderate
CVE-2025-46722 was published for vllm (pip) May 28, 2025
kexinoh DarkLight1337
russellb
Credited to kexinoh, DarkLight1337, and russellb
phi4mm: Quadratic Time Complexity in Input Token Processing​ leads to denial of service Moderate
CVE-2025-46560 was published for vllm (pip) Apr 29, 2025
kexinoh d3do-23
lonelyuan russellb DarkLight1337 Isotr0py
Credited to kexinoh, d3do-23, lonelyuan, russellb, DarkLight1337, and Isotr0py
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database