Package impact
PIP / vllm
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44223 | medium | 6.5 | 6.5 | | | | 22d ago | vLLM is an inference and serving engine for large language models (LLMs). From to before 0.20.0, the extract_hidden_states speculative decoding proposer in vLLM returns a tensor with an incorrect sh… |
| CVE-2026-7141 | medium | 5.6 | 5.6 | | | | 1mo ago | vLLM makes Use of Uninitialized Resource |