
vllm-project/vllm

https://github.com/vllm-project/vllm · scanned 2026-05-16 13:37 UTC (3 weeks, 3 days ago) · 10 languages

1310 raw signals (345 security + 965 graph) · 8/10 scanners ran · 6th percentile · Python · huge (>500K LoC) · System graph score 82 (lower by 23)


Complete repo analysis

Last scanned 3 weeks, 5 days ago · v1 · 45 actionable findings from 1 signal source. 187 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

Score breakdown — 2026-05-17-v4 calibration-aware

| Component | Sub-score | Weight | Contribution |
|---|---|---|---|
| structure_score | 60.0 | 0.15 | 9.00 |
| security_score | 0.0 | 0.25 | 0.00 |
| testing_score | 100.0 | 0.20 | 20.00 |
| documentation_score | 86.0 | 0.15 | 12.90 |
| practices_score | 65.0 | 0.15 | 9.75 |
| code_quality | 70.0 | 0.10 | 7.00 |
| Overall | | 1.00 | 58.6 |

Calibrated penalty buckets (security_score): agent: 3.2 · docker: 86.6 · threat: 75.1
Active filters: excluding tests
Scan summary: Quality grade C (59/100). Dimensions: maintainability 60. 345 findings (16 security). 1,190,989 lines analyzed.

Showing 35 of 45 actionable findings. 232 raw detector signals were grouped into reader-sized issues.

critical · Security checks · cicd · CI/CD security · conf 0.96 · 3 occurrences · Docker image bakes a secret-like ENV value
Remove the secret from the Dockerfile, rotate the value if real, and inject runtime secrets through your platform secret manager.
2 files, 3 locations
docker/Dockerfile.rocm:89, 549 (2 hits)
docker/Dockerfile.rocm_base:104
CI/CD security · containers
high · Security checks · security · path traversal · conf 0.80 · 3 occurrences · [SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads.
3 files, 3 locations
benchmarks/multi_turn/benchmark_serving_multi_turn.py:1532
benchmarks/multi_turn/convert_sharegpt_to_openai.py:140
vllm/distributed/kv_transfer/kv_connector/v1/example_connector.py:433
high · Security checks · security · secrets · conf 1.00 · [SEC021] Shell Trace Around Secret Handling: Shell xtrace is enabled near secret handling. CI and deployment logs can echo every command and expand secret values, turning a safe secret-store lookup into a credential leak.
Disable xtrace before reading secrets, re-enable it only after secret handling, and rotate any secret exposed in logs.
.buildkite/scripts/cleanup-nightly-builds.sh:39
high · Security checks · security · secrets · conf 1.00 · [SEC021] Shell Trace Around Secret Handling: Shell xtrace is enabled near secret handling. CI and deployment logs can echo every command and expand secret values, turning a safe secret-store lookup into a credential leak.
Disable xtrace before reading secrets, re-enable it only after secret handling, and rotate any secret exposed in logs.
.buildkite/scripts/upload-release-wheels-pypi.sh:40
high · Security checks · software · File upload · conf 1.00 · [SEC032] Unrestricted File Upload — no extension/MIME validation: File upload accepts the user's filename without validating extension, content-type, or magic bytes. Attackers upload `.php`, `.jsp`, or executable files to a web-served directory, then visit the URL to trigger RCE. CWE-434. Examples: Apache Struts (CVE-2017-9805), countless WordPress plugin RCEs.
Validate THREE things server-side:
1. Extension allowlist:
   ALLOWED = {'.png', '.jpg', '.pdf'}
   ext = Path(file.filename).suffix.lower()
   if ext not in ALLOWED: abort(400)
2. Magic-byte check (don't trust the extension):
   import magic
   mime = magic.from_buffer(file…
benchmarks/kernels/graph_machete_bench.py:25
high · Security checks · software · File upload · conf 1.00 · [SEC032] Unrestricted File Upload — no extension/MIME validation: File upload accepts the user's filename without validating extension, content-type, or magic bytes. Attackers upload `.php`, `.jsp`, or executable files to a web-served directory, then visit the URL to trigger RCE. CWE-434. Examples: Apache Struts (CVE-2017-9805), countless WordPress plugin RCEs.
Validate THREE things server-side:
1. Extension allowlist:
   ALLOWED = {'.png', '.jpg', '.pdf'}
   ext = Path(file.filename).suffix.lower()
   if ext not in ALLOWED: abort(400)
2. Magic-byte check (don't trust the extension):
   import magic
   mime = magic.from_buffer(file…
setup.py:738
high · Security checks · cicd · CI/CD security · conf 0.62 · 4 occurrences · Docker build secret exposed through ARG
Replace secret ARG usage with `RUN --mount=type=secret,id=name ...` and pass the value with `docker build --secret`.
4 files, 4 locations
docker/Dockerfile:291
docker/Dockerfile.nightly_torch:125
docker/Dockerfile.rocm:25
docker/Dockerfile.rocm_base:23
CI/CD security · containers
high · Security checks · cicd · CI/CD security · conf 0.92 · 5 occurrences · Dockerfile pipes a remote script into a shell
Download the artifact, verify its checksum or signature, pin the version, and then execute it.
5 files, 5 locations
docker/Dockerfile:148
docker/Dockerfile.cpu:31
docker/Dockerfile.ppc64le:57
docker/Dockerfile.s390x:76
docker/Dockerfile.xpu:58
CI/CD security · containers
low · Security checks · quality · Error handling · conf 1.00 · 3 occurrences · [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
3 files, 3 locations
setup.py:464
vllm/compilation/wrapper.py:245
vllm/env_override.py:578
low · Security checks · security · Injection · conf 0.50 · [SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.
Use subprocess with shell=False and a list of args. Never eval user input.
vllm/platforms/cpu.py:57
low · Security checks · security · Injection · conf 0.50 · [SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.
Use subprocess with shell=False and a list of args. Never eval user input.
vllm/utils/cpu_resource_utils.py:167
low · Security checks · security · Deserialization · conf 1.00 · 3 occurrences · [SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data.
3 files, 3 locations
benchmarks/kernels/graph_machete_bench.py:26
vllm/compilation/caching.py:129
vllm/distributed/parallel_state.py:721
medium · Security checks · security · Crypto · conf 1.00 · [SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks.
Enable SSL verification. Use verify=True (default) for requests. Pin certificates if needed.
vllm/entrypoints/openai/cli_args.py:265
medium · Security checks · security · Crypto · conf 1.00 · [SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks.
Enable SSL verification. Use verify=True (default) for requests. Pin certificates if needed.
vllm/entrypoints/api_server.py:173
high · Security checks · quality · Quality · conf 0.72 · Agent control bridge may listen on a network interface without visible auth
Bind local agent bridges to 127.0.0.1 by default. If remote access is required, require a bearer token or mTLS, enforce origin/CSRF checks for browser clients, and document the threat model.
examples/tool_calling/openai_responses_client_with_mcp_tools.py:30
high · Security checks · quality · Quality · conf 0.72 · Agent control bridge may listen on a network interface without visible auth
Bind local agent bridges to 127.0.0.1 by default. If remote access is required, require a bearer token or mTLS, enforce origin/CSRF checks for browser clients, and document the threat model.
examples/deployment/chart-helm/values.yaml:2
medium · Security checks · cicd · CI/CD security · conf 0.94 · 2 occurrences · Compose service `prometheus` image uses the latest tag
Pin to a maintained version tag or digest and update it deliberately through dependency automation.
lines 4, 13
examples/observability/prometheus_grafana/docker-compose.yaml:4, 13 (2 hits)
CI/CD security · containers
medium · Security checks · cicd · CI/CD security · conf 0.76 · Docker build secret exposed through ARG
Replace secret ARG usage with `RUN --mount=type=secret,id=name ...` and pass the value with `docker build --secret`.
docker/Dockerfile.rocm:65
CI/CD security · containers
medium · Security checks · cicd · CI/CD security · conf 0.76 · Docker build secret exposed through ARG
Replace secret ARG usage with `RUN --mount=type=secret,id=name ...` and pass the value with `docker build --secret`.
docker/Dockerfile.rocm_base:70
CI/CD security · containers
high · Security checks · cicd · CI/CD security · conf 0.82 · 8 occurrences · Docker final stage has no non-root USER
Add a non-root USER in the final runtime stage after files and permissions are prepared.
8 files, 8 locations
docker/Dockerfile:904
docker/Dockerfile.cpu:240
docker/Dockerfile.nightly_torch:257
docker/Dockerfile.ppc64le:278
docker/Dockerfile.rocm:567
docker/Dockerfile.rocm_base:313
docker/Dockerfile.tpu:4
docker/Dockerfile.xpu:115
CI/CD security · containers
medium · Security checks · cicd · CI/CD security · conf 0.76 · 7 occurrences · Dockerfile copies broad context with incomplete .dockerignore
Tighten .dockerignore or replace COPY . with explicit COPY statements.
7 files, 7 locations
docker/Dockerfile:436
docker/Dockerfile.cpu:115
docker/Dockerfile.nightly_torch:105
docker/Dockerfile.ppc64le:335
docker/Dockerfile.s390x:228
docker/Dockerfile.tpu:14
docker/Dockerfile.xpu:101
CI/CD security · containers
medium · Security checks · cicd · CI/CD security · conf 0.90 · Dockerfile installs dependencies after copying the full source tree
Copy dependency manifests first, install dependencies in a cached layer, then copy the rest of the source tree.
docker/Dockerfile.nightly_torch:109
CI/CD security · containers
medium · Security checks · cicd · CI/CD security · conf 0.90 · Dockerfile installs dependencies after copying the full source tree
Copy dependency manifests first, install dependencies in a cached layer, then copy the rest of the source tree.
docker/Dockerfile:778
CI/CD security · containers
high · Security checks · quality · Quality · conf 0.82 · 3 occurrences · Parallel implementation file sits beside a canonical file
Merge the intended change into the canonical file, update tests/imports, and delete the parallel implementation if it is not the active entry point.
3 files, 3 locations
vllm/model_executor/models/hyperclovax_vision_v2.py:1
vllm/model_executor/models/mimo_v2.py:1
vllm/v1/executor/ray_executor_v2.py:1
high · Security checks · software · dependencies · conf 0.70 · Remote install command pipes network code directly to a shell
Publish a package-manager install path or add checksum/signature verification before execution. For docs, show the inspect-then-run flow and pin the downloaded artifact version.
docs/getting_started/installation/cpu.s390x.inc.md:40
low · Security checks · cicd · CI/CD security · conf 0.72 · .dockerignore misses sensitive defaults
Add missing patterns such as .env, .git, private keys, certificates, dependency folders, and local databases.
.dockerignore
CI/CD security · containers
high · Security checks · cicd · CI/CD security · conf 0.56 · 2 occurrences · Compose service does not declare a runtime user
Set a non-root `user:` in Compose or ensure the final image stage has a non-root USER directive.
lines 4, 13
examples/observability/prometheus_grafana/docker-compose.yaml:4, 13 (2 hits)
CI/CD security · containers
high · Security checks · cicd · CI/CD security · conf 0.62 · 2 occurrences · Compose service lacks no-new-privileges hardening
Add `security_opt: ["no-new-privileges:true"]` unless the service has a documented need for privilege escalation.
lines 4, 13
examples/observability/prometheus_grafana/docker-compose.yaml:4, 13 (2 hits)
CI/CD security · containers
low · Security checks · cicd · CI/CD security · conf 0.72 · 12 occurrences · Dockerfile installs recommended OS packages
Add `--no-install-recommends` and explicitly list only packages the image needs.
6 files, 12 locations
docker/Dockerfile.rocm_base:46, 62, 109, 173 (4 hits)
docker/Dockerfile.nightly_torch:23, 47, 173 (3 hits)
docker/Dockerfile.rocm:33, 430 (2 hits)
docker/Dockerfile:765
docker/Dockerfile.tpu:8
docker/Dockerfile.xpu:125
CI/CD security · containers
high · Security checks · cicd · CI/CD security · conf 0.72 · 90 occurrences · Dockerfile keeps pip download cache
Use `pip install --no-cache-dir ...` in container builds.
9 files, 90 locations
docker/Dockerfile.rocm:37, 118, 161, 241, 327, 365, 393, 397, +7 more (15 hits)
docker/Dockerfile:201, 257, 418, 512, 609, 631, 643, 675, +6 more (14 hits)
docker/Dockerfile.nightly_torch:38, 71, 79, 82, 109, 188, 204, 208, +5 more (13 hits)
docker/Dockerfile.rocm_base:61, 110, 148, 176, 178, 189, 199, 221, +5 more (13 hits)
docker/Dockerfile.cpu:61, 112, 150, 165, 175, 187, 199, 213, +1 more (9 hits)
docker/Dockerfile.ppc64le:57, 86, 132, 164, 228, 238, 302, 324, +1 more (9 hits)
docker/Dockerfile.s390x:36, 44, 97, 110, 129, 189, 201, 235, +1 more (9 hits)
docker/Dockerfile.xpu:85, 109, 118, 159, 174 (5 hits)
CI/CD security · containers
low · Security checks · cicd · CI/CD security · conf 0.74 · 10 occurrences · Dockerfile leaves apt package indexes in the image layer
End the apt install layer with `rm -rf /var/lib/apt/lists/*`.
6 files, 10 locations
docker/Dockerfile.rocm_base:46, 109, 173 (3 hits)
docker/Dockerfile.nightly_torch:23, 173 (2 hits)
docker/Dockerfile.xpu:8, 125 (2 hits)
docker/Dockerfile:765
docker/Dockerfile.cpu:31
docker/Dockerfile.rocm:33
CI/CD security · containers
low · Security checks · quality · Quality · conf 0.64 · Duplicate top-level symbol appears in a patch-style file
Keep one authoritative implementation, update imports to point at it, and remove or rename the duplicate symbol.
vllm/model_executor/models/deepseek_v2.py:1
low · Security checks · quality · Quality · conf 0.64 · Duplicate top-level symbol appears in a patch-style file
Keep one authoritative implementation, update imports to point at it, and remove or rename the duplicate symbol.
vllm/model_executor/models/hunyuan_v1.py:1
low · Security checks · quality · Quality · conf 0.60 · 30 occurrences · Duplicated implementation block across source files
Duplicate implementation blocks are maintenance debt. Keep them visible, but they are not a high-severity defect unless the duplicated logic is security-sensitive or drifting.
12 files, 22 locations
csrc/cpu/cpu_attn_vxe.hpp:62, 190, 233 (3 hits)
csrc/cpu/cpu_types_x86.hpp:32, 651, 652 (3 hits)
csrc/cpu/cpu_attn_vec.hpp:151, 189 (2 hits)
csrc/cpu/cpu_attn_vec16.hpp:5, 117 (2 hits)
csrc/cpu/cpu_attn_vsx.hpp:90, 174 (2 hits)
csrc/cpu/cpu_types_vxe.hpp:7, 528 (2 hits)
csrc/cpu/sgl-kernels/moe_fp8.cpp:1, 17 (2 hits)
vllm/model_executor/models/mimo_v2.py:27, 30 (2 hits)
duplication · quality
high · Security checks · quality · Quality · conf 0.62 · 7 occurrences · Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
7 files, 7 locations
vllm/model_executor/models/deepseek_v2.py:1
vllm/model_executor/models/hunyuan_v1.py:1
vllm/model_executor/models/hy_v3.py:1
vllm/renderers/deepseek_v32.py:1
vllm/tokenizers/deepseek_v32.py:1
vllm/transformers_utils/configs/deepseek_v4.py:1
vllm/transformers_utils/configs/hy_v3.py:1
API access

This page is publicly accessible at: https://repobility.com/scan/cea585c0-944b-4614-9116-8abca2930bfe/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/cea585c0-944b-4614-9116-8abca2930bfe/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one.