VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Advisories the vendor has revised
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an unpinned/default revision. This is a supply-chain integrity issue for pinned vLLM deployments. Operators can believe they are serving a reviewed model revision while vLLM resolves behavior-affecting nested or sibling artifacts outside that reviewed revision. This vulnerability is fixed in 0.22.0. This issue can lead to a supply-chain integrity compromise, where operators may unknowingly serve models with unreviewed or unintended behavior. Red Hat rates this issue as having Moderate impact. The flaw is a supply-chain integrity issue when operators pin a HuggingFace model revision but vLLM may still load nested artifacts from an unpinned revision. It affects Red Hat AI Inference Server, Red Hat OpenShift AI, and Red Hat Enterprise Linux AI images that ship vLLM versions prior to 0.22.0. KServe control-plane components that bundle vLLM as a library are not affected. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N). Weakness: CWE-829.
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom index (flashinfer.ai/whl/) using --extra-index-url, but the package name was not registered on PyPI, and UV_INDEX_STRATEGY="unsafe-best-match" is set globally. An attacker who registers flashinfer-jit-cache on PyPI with version 0.6.11.post2 can execute arbitrary code as root during the Docker build and backdoor every resulting container image, enabling exfiltration of all user prompts, API credentials, and model data from production vLLM deployments This vulnerability is fixed in 0.22.1. CVE-2026-54232 is a build-time dependency confusion issue in upstream vLLM Dockerfiles before 0.22.1. It does not allow remote exploitation of a running vLLM inference service. Red Hat OpenShift AI is not affected. Red Hat AI Inference Server and RHEL AI CUDA images that include flashinfer-jit-cache are in scope for build-process review, but Red Hat has no evidence that shipped images were compromised. Red Hat severity: Moderate — CVSS 5.7 (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N). Weakness: CWE-426. Affected Red Hat products: Red Hat AI Inference Server; Red Hat Enterprise Linux AI (RHEL AI) 3. Red Hat does not currently list a fixing RHSA for this CVE.
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output. A 25MB OPUS file expands to ~14.9GB of float32 PCM at decode time. This vulnerability is fixed in 0.23.1rc0. A remote attacker could exploit a vulnerability in the `/v1/audio/transcriptions` endpoint. By uploading a specially crafted compressed audio file, such as an OPUS file, the attacker could cause the system to allocate an excessive amount of memory during the decoding process. This uncontrolled memory allocation can lead to a Denial of Service (DoS) condition, making the service unavailable to legitimate users. Red Hat rates this issue as having Moderate impact. A crafted audio upload to the vLLM /v1/audio/transcriptions endpoint can cause excessive decoded PCM allocation and denial of service. Affected components are vLLM serving images in Red Hat AI Inference Server, Red Hat OpenShift AI, and Red Hat Enterprise Linux AI bootc that ship vLLM prior to 0.23.1. KServe sidecars are not affected. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-770. Red Hat lists Red Hat OpenShift AI (RHOAI) as not affected. Red Hat does not currently list a fixing RHSA for this CVE.
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitize_message helper that strips object-repr memory addresses from error messages before they reach the client, is incomplete: several response paths echo str(exc) directly to clients without calling sanitize_message. The unsanitized sites include the Anthropic API router in vllm/entrypoints/anthropic/api_router.py (the POST /v1/messages and POST /v1/messages/count_tokens handlers), the Server-Sent Events streaming converter in vllm/entrypoints/anthropic/serving.py, and the realtime speech-to-text WebSocket in vllm/entrypoints/speech_to_text/realtime/connection.py. These paths catch the exception inside the route coroutine and construct the JSONResponse themselves, bypassing the sanitizing global FastAPI exception handler, and WebSocket frames do not traverse that handler chain at all. Using the same primitive as the parent issue, an unauthenticated attacker can send malformed image bytes through the Anthropic Messages API image content parts so that PIL.Image.open raises an UnidentifiedImageError whose message contains the BytesIO object repr, leaking the heap memory address verbatim in the error.message field of the response body. This vulnerability is fixed in 0.23.1rc0.
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, ll temperature validation gates use comparison operators (<, >), which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagate to GPU sampling kernels, where they produce undefined behavior or CUDA errors that can crash the inference worker. This vulnerability is fixed in 0.23.1rc0. This could allow an attacker to cause a Denial of Service (DoS) by providing specially crafted input. This Moderate impact flaw in vLLM, as used in Red Hat AI Inference Server, Red Hat OpenShift AI, and Red Hat Enterprise Linux AI, allows for a denial of service. Improper validation of floating-point values like Not-a-Number (NaN) or positive Infinity in temperature parameters can bypass security checks, leading to undefined behavior or CUDA errors that crash the inference worker. This could be exploited by providing specially crafted input to the LLM inference engine. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). Weakness: CWE-1287. Affected Red Hat products: Red Hat AI Inference Server 3.2; Red Hat AI Inference Server; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat OpenShift AI (RHOAI). Red Hat lists Red Hat OpenShift AI (RHOAI) as not affected.
vLLM is an inference and serving engine for large language models (LLMs). From 0.5.5 until 0.23.1rc0, integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels (csrc/quantization/gguf/gguf_kernel.cu) causes partial tensor processing. The output tensor is allocated at full size via torch::empty (uninitialized memory), but the dequantize CUDA kernel processes only a truncated number of elements. The unfilled portion of the output tensor retains whatever was previously in GPU memory. In multi-tenant inference deployments, this residual GPU memory may contain tensor data from other users' inference requests, constituting information disclosure. This vulnerability is fixed in 0.23.1rc0. A flaw was found in vLLM. Red Hat rates this issue as having Low impact for Red Hat AI products. The upstream issue is limited information disclosure via integer truncation in vLLM sampling parameters. Red Hat OpenShift AI, Red Hat AI Inference Server, and Red Hat Enterprise Linux AI images are not considered affected because untrusted clients cannot control the vulnerable parameters in supported deployment models. Red Hat severity: Low — CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Weakness: CWE-824.
WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit strips ASCII tab, carriage return, and newline characters before parsing, so a redirect target containing such characters can be reinterpreted as a protocol-relative URL whose authority is an attacker-controlled host. This bypasses the CVE-2024-42353 fix that escaped a leading double slash, allowing an attacker who influences the redirect location to send users to an arbitrary external site instead of the intended one. This vulnerability is fixed in 1.8.10. Due to improper normalization of the Location header, specifically how certain ASCII characters are handled, an attacker can cause a user to be redirected to an arbitrary external website instead of the intended destination. This open redirect vulnerability can lead to information disclosure and impact the integrity of user sessions. This is rated as Moderate (CVSS 6.1) because exploitation requires user interaction — a victim must click a crafted link that triggers the redirect (UI:R).
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1. A flaw was found in pypdf. This vulnerability can result in a Denial of Service (DoS) condition, making the affected system unresponsive. Red Hat rates this issue as Moderate severity (CVSS 5.9) because exploitation requires a specially crafted PDF containing thread/article objects to be processed by pypdf's merge functionality. Weakness: CWE-835. Affected Red Hat products: Exploit Intelligence; OpenShift Lightspeed; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat OpenShift AI (RHOAI); Red Hat Quay 3. Red Hat does not currently list a fixing RHSA for this CVE.
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG predictor. This vulnerability is fixed in 6.12.2. A flaw was found in pypdf (before 6.12.2). pypdf is vulnerable to denial of service when parsing a crafted PDF containing a /FlateDecode stream with a PNG predictor. An attacker who can supply such a document for processing may cause the application to hang on long runtimes. Red Hat exposure is in Python services that use pypdf for PDF ingestion, including Quay, OpenShift logging/observability tooling, and other containerized apps that bundle the library for document handling. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-770. Red Hat lists Exploit Intelligence; OpenShift Lightspeed; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat OpenShift AI (RHOAI); Red Hat Quay 3 as not affected.
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. This vulnerability is fixed in 6.12.2. A flaw was found in pypdf. An attacker can craft a malicious PDF document containing a form XObject with self-references. When a user attempts to extract text from a page within this crafted PDF, it can lead to excessive memory consumption. This vulnerability may result in a Denial of Service (DoS) due to resource exhaustion. Moderate: A flaw in pypdf and python-PyPDF2 can lead to a denial of service due to excessive memory consumption. This occurs when processing a specially crafted PDF document containing self-referencing form XObjects during text extraction. The vulnerability requires user interaction to trigger the text extraction process. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-835. Affected Red Hat products: Exploit Intelligence; OpenShift Lightspeed; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat OpenShift AI (RHOAI); Red Hat Quay 3. Red Hat does not currently list a fixing RHSA for this CVE.
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0. A flaw was found in pypdf (before 6.13.0). A crafted PDF with outlines can trigger an infinite loop when merged into a PdfWriter, causing denial of service. An attacker who can supply such a document for merge processing may hang the application indefinitely. Red Hat exposure mirrors other pypdf consumers: Python services that merge or rewrite PDFs using the library in Quay, observability, and hybrid platform containers. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-835. Red Hat lists Exploit Intelligence; OpenShift Lightspeed; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat OpenShift AI (RHOAI); Red Hat Quay 3 as not affected.
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. This vulnerability is fixed in 6.13.0. This vulnerability results in a Denial of Service (DoS), making the affected system unresponsive. This Moderate impact flaw in pypdf affects Red Hat products that process untrusted PDF files and extract text in layout mode. An attacker could provide a specially crafted PDF, leading to an infinite loop and a Denial of Service. The vulnerability requires specific processing conditions, contributing to its Moderate severity. Affected method: extract_text(extraction_mode="layout") Red Hat severity: Moderate — CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-835. Affected Red Hat products: Exploit Intelligence; OpenShift Lightspeed; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat OpenShift AI (RHOAI); Red Hat Quay 3. Red Hat does not currently list a fixing RHSA for this CVE.
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing literals. A server without support for non-synchronizing literals may interpret the "+}\r\n" as the end of a malformed command line and respond with a tagged BAD. In that case, the contents of the literal will be interpreted as one or more new pipelined commands, allowing a CRLF command injection attack to succeed. This affects criteria for #search and #uid_search; search_keys for #sort, #thread, #uid_sort, and #uid_thread; and attr for #fetch and #uid_fetch. This vulnerability is fixed in 0.6.5 and 0.5.15. This command injection could enable unauthorized actions on the IMAP server. This Moderate flaw in the Net::IMAP Ruby library allows for command injection against IMAP servers that lack support for non-synchronizing literals. An attacker could exploit this by providing specially crafted input, leading to the execution of arbitrary IMAP commands and potential unauthorized actions.
Net::IMAP: Denial of Service via malformed command input. Red Hat rates this moderate (CVSS 5.9). Weakness: CWE-88. Red Hat lists fixing advisory RHSA-2026:34293 with package ruby4-0-main-4.0.0-33.4.hum1, ruby3-4-main-3.4.8-31.3.hum1, ruby3-3-main-3.3.10-23.2.hum1.
opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 2.8.0, W3CBaggagePropagator.extract() in @opentelemetry/core does not enforce size limits when parsing inbound baggage HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entries; these limits were only enforced on the outbound (inject()) path, not on the inbound (extract()) path. Parsing oversized baggage causes memory allocation proportional to the header size without any cap. This vulnerability is fixed in 2.8.0. This vulnerability allows a remote attacker to trigger uncontrolled memory allocation by sending oversized baggage HTTP headers. The system's inability to enforce size limits during inbound baggage parsing can lead to resource exhaustion, resulting in a Denial of Service (DoS). Red Hat products ship @opentelemetry/core as a transitive dependency in several components, but the vulnerable W3CBaggagePropagator.extract() code path has limited practical impact. Node.js enforces a default --max-http-header-size of 16,384 bytes, which caps the total size of all HTTP headers before they reach the propagator. The baggage header is already parsed and in memory by the HTTP layer; the additional allocation from the propagator is only the overhead of splitting into entry objects, not an unbounded read.
Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating {scheme}://{host}{path} and re-parsing the result, a path that does not begin with / (for example @google.com) moves the authority boundary during re-parsing, so request.url.hostname and request.url.netloc become attacker-controlled. Code that reads request.url.hostname (rather than the Host header or scope) can therefore be misled into trusting an attacker-supplied host. This vulnerability is fixed in 1.3.0. A remote attacker could craft a malicious HTTP request path that does not begin with a forward slash, causing the framework to misinterpret the authority boundary. This could lead to `request.url.hostname` and `request.url.netloc` becoming attacker-controlled, potentially misleading applications that rely on these values into trusting an attacker-supplied host. Red Hat rates this issue as having Low impact for Red Hat AI products. Bundled Starlette versions in Red Hat OpenShift AI, Red Hat AI Inference Server, and Red Hat Enterprise Linux AI are either not vulnerable or the flawed path validation is not reachable in supported deployments. Red Hat severity: Low — CVSS 4.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). Weakness: CWE-1286.
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued. An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. This vulnerability is fixed in 3.14.1. An attacker could exploit this vulnerability by sending an unlimited number of pipelined requests, causing the system to consume excessive amounts of memory. This could lead to a Denial of Service (DoS), making the affected system unavailable to legitimate users. This vulnerability is rated Moderate because an unauthenticated remote attacker can trigger denial of service against an affected aiohttp HTTP/1 server by sending a large number of pipelined requests, causing excessive memory consumption. Exploitation requires aiohttp to be deployed as an HTTP/1 server that accepts pipelined requests from untrusted clients. Many Red Hat products ship aiohttp as a bundled dependency for client libraries, internal automation, or services that do not expose this server behavior to untrusted users. In those configurations, practical risk may be lower, but affected packages should still be updated to aiohttp 3.14.1 or later when fixes are released. Red Hat severity: Moderate — CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-770.
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. An attacker may be able to send a compressed payload in specific situations that could be decompressed into memory, potentially leading to DoS (a zip bomb edge case). This vulnerability is fixed in 3.14.1. This could potentially lead to a Denial of Service (DoS) condition, where the affected system becomes unresponsive or unavailable. Exploitation requires aiohttp deployed as a network-facing HTTP server that accepts compressed request bodies. Many Red Hat products ship aiohttp as a bundled dependency for client libraries, internal automation, or services that do not expose this server path to untrusted users. In those configurations, practical risk may be lower, but affected packages should still be updated to aiohttp 3.14.1 or later when fixes are released. Red Hat severity: Moderate — CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-409.
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the max_line_size check in parts of an HTTP request in the C parser. If using the optimised C parser (the default in pre-built wheels), then an attacker may be able to send oversized lines through the HTTP parser and use an excessive amount of memory, potentially leading to DoS. This vulnerability is fixed in 3.14.1. A remote attacker can exploit this vulnerability by sending oversized lines within an HTTP request. This bypasses the max_line_size check in the C parser, causing the system to use an excessive amount of memory. This can lead to a Denial of Service (DoS) condition, making the affected system unavailable. Exploitation requires aiohttp to be deployed as a network-facing HTTP server using the optimised C parser (the default in pre-built wheels). Many Red Hat products ship aiohttp as a bundled dependency for client libraries, internal automation, or services that do not expose this server/parser path to untrusted users. In those configurations, practical risk may be lower, but affected packages should still be updated to aiohttp 3.14.1 or later when fixes are released. Red Hat severity: Moderate — CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-131.
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the server_hostname TLS SNI check can be bypassed when an existing connection is reused. This vulnerability is fixed in 3.14.1. This vulnerability allows a remote attacker to bypass the Transport Layer Security (TLS) Server Name Indication (SNI) check. This occurs when an application reuses an existing connection for multiple requests to the same domain but with different server_hostname parameters. Consequently, later requests may succeed by reusing the existing connection, even if they should have been rejected due to the TLS SNI check, potentially leading to unintended information disclosure or integrity issues. Exploitation requires an application using aiohttp as an HTTPS client with connection pooling enabled, issuing multiple requests to the same host with differing server_hostname overrides. Many Red Hat products ship aiohttp as a bundled dependency without this usage pattern. Affected packages should still be updated to aiohttp 3.14.1 or later when fixes are released. Red Hat severity: Moderate — CVSS 4.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). Weakness: CWE-367.