vllm has 5 known vulnerabilities on the latest version (0.23.0). DepScope rates its health at 70/100 (moderate risk).

What is the latest version of vllm?

The latest version of vllm is 0.23.0, released 2026-06-15.

Does vllm have known vulnerabilities?

Yes. vllm has 5 known vulnerabilities. See depscope.dev/pkg/pypi/vllm for details.

No, vllm is actively maintained. Latest release: 0.23.0 (2026-06-15).

What are alternatives to vllm?

Popular alternatives to vllm in PyPI include: boto3, packaging, urllib3, certifi, idna.

What license does vllm use?

vllm is licensed under Apache-2.0.

vllm

pypiv0.23.0

A high-throughput and memory-efficient inference and serving engine for LLMs

License Apache-2.0permissive89 versions1 maintainers92 deps1,204,657 weekly dl

vllm-project/vllm

/ 100

Health

safe to use

[email protected] is safe to use (health: 70/100)

Health breakdown0 – 100

25/25

maintenance

17/20

popularity

15/25

security

15/15

maturity

12/15

community

0/15

popularity_floor

Vulnerabilities

5 medium

Advisories (5)

Severity	ID	Summary	Fixed in
medium	CVE-2026-53923	vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving	—
medium	CVE-2026-54233	vLLM: OOM Denial of Service via Audio Decompression Bomb	—
medium	CVE-2026-54235	vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels	—
medium	CVE-2026-12491	vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations	—
medium	CVE-2026-54236	vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router	—

Quality signals

Publish security

API token

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/pypi/vllm