{"package":"vllm","ecosystem":"pypi","latest_version":"0.19.0","description":"A high-throughput and memory-efficient inference and serving engine for LLMs","license":null,"homepage":"https://pypi.org/project/vllm/","repository":"https://github.com/vllm-project/vllm","downloads_weekly":0,"health":{"score":69,"risk":"moderate","breakdown":{"maintenance":25,"popularity":0,"security":17,"maturity":15,"community":12},"deprecated":false,"max_score":100},"vulnerabilities":{"count":4,"critical":0,"high":0,"medium":4,"low":0,"details":[{"vuln_id":"CVE-2024-11041","severity":"medium","summary":"vLLM Deserialization of Untrusted Data vulnerability","affected_versions":">=0","fixed_version":null,"source":"osv","published_at":"2025-03-20T12:32:41Z"},{"vuln_id":"CVE-2024-9053","severity":"medium","summary":"vLLM allows Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC server entrypoints","affected_versions":">=0","fixed_version":null,"source":"osv","published_at":"2025-03-20T12:32:50Z"},{"vuln_id":"CVE-2024-9052","severity":"medium","summary":"vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object","affected_versions":">=0","fixed_version":null,"source":"osv","published_at":"2025-03-20T12:32:50Z"},{"vuln_id":"CVE-2024-8939","severity":"medium","summary":"vLLM Denial of Service via the best_of parameter","affected_versions":">=0","fixed_version":null,"source":"osv","published_at":"2024-09-17T18:33:26Z"}]},"versions":{"latest":"0.19.0","total_count":81,"recent":["0.9.2","0.10.0","0.10.1","0.10.1.1","0.10.2","0.11.0","0.11.1","0.11.2","0.12.0","0.13.0","0.14.0","0.14.1","0.15.0","0.15.1","0.16.0","0.17.0","0.17.1","0.18.0","0.18.1","0.19.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":null,"last_published":"2026-04-03T04:05:52.513885Z","dependencies_count":88,"dependencies":["regex","cachetools","psutil","sentencepiece","numpy","requests>=2.26.0","tqdm","blake3","py-cpuinfo","transformers<5,>=4.56.0","tokenizers>=0.21.1","protobuf!=6.30.*,!=6.31.*,!=6.32.*,!=6.33.0.*,!=6.33.1.*,!=6.33.2.*,!=6.33.3.*,!=6.33.4.*,>=5.29.6","fastapi[standard]>=0.115.0","aiohttp>=3.13.3","openai>=2.0.0","pydantic>=2.12.0","prometheus_client>=0.18.0","pillow","prometheus-fastapi-instrumentator>=7.0.0","tiktoken>=0.6.0","lm-format-enforcer==0.11.3","llguidance<1.4.0,>=1.3.0; platform_machine == \"x86_64\" or platform_machine == \"arm64\" or platform_machine == \"aarch64\" or platform_machine == \"s390x\" or platform_machine == \"ppc64le\"","outlines_core==0.2.11","diskcache==5.6.3","lark==1.2.2","xgrammar<1.0.0,>=0.1.32; platform_machine == \"x86_64\" or platform_machine == \"aarch64\" or platform_machine == \"arm64\" or platform_machine == \"s390x\" or platform_machine == \"ppc64le\"","typing_extensions>=4.10","filelock>=3.16.1","partial-json-parser","pyzmq>=25.0.0","msgspec","gguf>=0.17.0","mistral_common[image]>=1.10.0","opencv-python-headless>=4.13.0","pyyaml","six>=1.16.0; python_version > \"3.11\"","setuptools<81.0.0,>=77.0.3; python_version > \"3.11\"","einops","compressed-tensors==0.14.0.1","depyf==0.20.0","cloudpickle","watchfiles","python-json-logger","ninja","pybase64","cbor2","ijson","setproctitle","openai-harmony>=0.0.3","anthropic>=0.71.0","model-hosting-container-standards<1.0.0,>=0.1.13","mcp","opentelemetry-sdk>=1.27.0","opentelemetry-api>=1.27.0","opentelemetry-exporter-otlp>=1.27.0","opentelemetry-semantic-conventions-ai>=0.4.1","numba==0.61.2","torch==2.10.0","torchaudio==2.10.0","torchvision==0.25.0","flashinfer-python==0.6.6","flashinfer-cubin==0.6.6","nvidia-cudnn-frontend<1.19.0,>=1.13.0","nvidia-cutlass-dsl>=4.4.0.dev1","quack-kernels>=0.2.7","zentorch; extra == \"zen\"","pandas; extra == \"bench\"","matplotlib; extra == \"bench\"","seaborn; extra == \"bench\"","datasets; extra == \"bench\"","scipy; extra == \"bench\"","plotly; extra == \"bench\"","tensorizer==2.10.1; extra == \"tensorizer\"","fastsafetensors>=0.2.2; extra == \"fastsafetensors\"","instanttensor>=0.1.5; extra == \"instanttensor\"","runai-model-streamer[azure,gcs,s3]>=0.15.7; extra == \"runai\"","av; extra == \"audio\"","resampy; extra == \"audio\"","scipy; extra == \"audio\"","soundfile; extra == \"audio\"","mistral_common[audio]; extra == \"audio\"","petit-kernel; extra == \"petit-kernel\"","helion==0.3.2; extra == \"helion\"","smg-grpc-servicer[vllm]>=0.5.0; extra == \"grpc\"","opentelemetry-sdk>=1.26.0; extra == \"otel\"","opentelemetry-api>=1.26.0; extra == \"otel\"","opentelemetry-exporter-otlp>=1.26.0; extra == \"otel\"","opentelemetry-semantic-conventions-ai>=0.4.1; extra == \"otel\""]},"recommendation":{"action":"safe_to_use","issues":[],"use_version":"0.19.0","version_hint":null,"summary":"vllm@0.19.0 is safe to use (health: 69/100)"},"requested_version":null,"_cache":"miss","_response_ms":705,"_powered_by":"depscope.dev — free package intelligence for AI agents"}