MED
SEC031[SEC031] Catastrophic Backtracking Regex (ReDoS): Regex contains nested quantifiers like …
vllm/tool_parsers/pythonic_tool_parser.…:48
MED
SEC031[SEC031] Catastrophic Backtracking Regex (ReDoS): Regex contains nested quantifiers like …
vllm/tool_parsers/olmo3_tool_parser.py:50
MED
SEC031[SEC031] Catastrophic Backtracking Regex (ReDoS): Regex contains nested quantifiers like …
vllm/tool_parsers/llama4_pythonic_tool_…:46
MED
SEC014[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing ma…
vllm/entrypoints/openai/cli_args.py:265
MED
SEC011[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execut…
vllm/model_executor/models/adapters.py:95
MED
SEC034[SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logge…
benchmarks/multi_turn/benchmark_serving…:565
MED
SEC014[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing ma…
vllm/entrypoints/api_server.py:173
MED
SEC011[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execut…
vllm/renderers/embed_utils.py:29
MED
SEC007[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
vllm/distributed/parallel_state.py:721
MED
SEC007[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
vllm/compilation/caching.py:129
MED
SEC007[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
benchmarks/kernels/graph_machete_bench.…:26
MED
SEC015[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. …
vllm/benchmarks/latency.py:103
MED
SEC015[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. …
benchmarks/benchmark_ngram_proposer.py:55
MED
SEC015[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. …
benchmarks/benchmark_prefix_caching.py:139
MED
ERR001[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even…
vllm/compilation/wrapper.py:245
MED
ERR001[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even…
vllm/env_override.py:578
MED
ERR001[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even…
setup.py:464
MED
DKR003Compose service `grafana` image uses the latest tag
examples/observability/prometheus_grafa…:13
MED
DKR003Compose service `prometheus` image uses the latest tag
examples/observability/prometheus_grafa…:4
MED
DKR017Dockerfile installs dependencies after copying the full source tree
docker/Dockerfile.nightly_torch:109
MED
DKR017Dockerfile installs dependencies after copying the full source tree
docker/Dockerfile:778
MED
DKR001Docker final stage has no non-root USER
docker/Dockerfile.rocm:567
MED
DKR001Docker final stage has no non-root USER
docker/Dockerfile:904
MED
DKR001Docker final stage has no non-root USER
docker/Dockerfile.xpu:115
MED
DKR001Docker final stage has no non-root USER
docker/Dockerfile.tpu:4
MED
DKR001Docker final stage has no non-root USER
docker/Dockerfile.rocm_base:313
MED
DKR001Docker final stage has no non-root USER
docker/Dockerfile.ppc64le:278
MED
DKR001Docker final stage has no non-root USER
docker/Dockerfile.nightly_torch:257
MED
DKR001Docker final stage has no non-root USER
docker/Dockerfile.cpu:240
MED
AIC001Parallel implementation file sits beside a canonical file
vllm/v1/executor/ray_executor_v2.py:1
MED
AIC001Parallel implementation file sits beside a canonical file
vllm/model_executor/models/mimo_v2.py:1
MED
AIC001Parallel implementation file sits beside a canonical file
vllm/model_executor/models/hyperclovax_…:1
MED
SEC017[SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external …
examples/generate/multimodal/vision_lan…:391
MED
SEC017[SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external …
.buildkite/scripts/tool_call/run-bfcl-e…:156
MED
SEC017[SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external …
vllm/model_executor/models/granite_spee…:868
MED
DKR004Docker build secret exposed through ARG
docker/Dockerfile.rocm:65
MED
DKR014Dockerfile copies broad context with incomplete .dockerignore
docker/Dockerfile.xpu:101
MED
DKR014Dockerfile copies broad context with incomplete .dockerignore
docker/Dockerfile.tpu:14
MED
DKR014Dockerfile copies broad context with incomplete .dockerignore
docker/Dockerfile.s390x:228
MED
DKR004Docker build secret exposed through ARG
docker/Dockerfile.rocm_base:70
MED
DKR014Dockerfile copies broad context with incomplete .dockerignore
docker/Dockerfile.ppc64le:335
MED
DKR014Dockerfile copies broad context with incomplete .dockerignore
docker/Dockerfile.nightly_torch:105
MED
DKR014Dockerfile copies broad context with incomplete .dockerignore
docker/Dockerfile.cpu:115
MED
DKR014Dockerfile copies broad context with incomplete .dockerignore
docker/Dockerfile:436
MED
AGT012Agent control bridge may listen on a network interface without visible auth
examples/tool_calling/openai_responses_…:30
MED
AGT012Agent control bridge may listen on a network interface without visible auth
examples/deployment/chart-helm/values.y…:2
MED
AGT015Remote install command pipes network code directly to a shell
docs/getting_started/installation/cpu.s…:40
MED
SEC005[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.
vllm/platforms/cpu.py:57
MED
SEC005[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.
vllm/utils/cpu_resource_utils.py:167
LOW
AIC003Duplicated implementation block across source files
csrc/cpu/sgl-kernels/moe_int4.cpp:15
LOW
AIC003Duplicated implementation block across source files
csrc/cpu/sgl-kernels/moe_fp8.cpp:17
LOW
AIC003Duplicated implementation block across source files
csrc/cpu/sgl-kernels/moe_fp8.cpp:1
LOW
AIC003Duplicated implementation block across source files
csrc/cpu/sgl-kernels/moe.cpp:259
LOW
AIC003Duplicated implementation block across source files
csrc/cpu/sgl-kernels/gemm_int8.cpp:262
LOW
AIC003Duplicated implementation block across source files
csrc/cpu/sgl-kernels/gemm_int4.cpp:667
LOW
AIC003Duplicated implementation block across source files
csrc/cpu/sgl-kernels/gemm.h:180
LOW
AIC003Duplicated implementation block across source files
csrc/cpu/micro_gemm/cpu_micro_gemm_amx.…:39
LOW
AIC003Duplicated implementation block across source files
csrc/cpu/cpu_types_x86.hpp:652
LOW
AIC003Duplicated implementation block across source files
csrc/cpu/cpu_types_x86.hpp:651
LOW
AIC003Duplicated implementation block across source files
csrc/cpu/cpu_types_x86.hpp:32
LOW
AIC003Duplicated implementation block across source files
csrc/cpu/cpu_types_vxe.hpp:528
LOW
AIC003Duplicated implementation block across source files
csrc/cpu/cpu_types_vxe.hpp:7
LOW
AIC003Duplicated implementation block across source files
csrc/cpu/cpu_types_vsx.hpp:500
LOW
AIC003Duplicated implementation block across source files
csrc/cpu/cpu_types_scalar.hpp:292
LOW
AIC003Duplicated implementation block across source files
csrc/cpu/cpu_attn_vxe.hpp:190
LOW
AIC003Duplicated implementation block across source files
csrc/cpu/cpu_attn_vsx.hpp:174
LOW
AIC003Duplicated implementation block across source files
csrc/cpu/cpu_attn_rvv.hpp:106
LOW
AIC003Duplicated implementation block across source files
csrc/cpu/cpu_attn_vxe.hpp:233
LOW
AIC003Duplicated implementation block across source files
csrc/cpu/cpu_attn_vxe.hpp:62
LOW
AIC003Duplicated implementation block across source files
csrc/cpu/cpu_attn_vsx.hpp:90
LOW
AIC003Duplicated implementation block across source files
csrc/cpu/cpu_attn_vec16.hpp:117
LOW
AIC003Duplicated implementation block across source files
csrc/cpu/cpu_attn_vec16.hpp:5
LOW
AIC003Duplicated implementation block across source files
csrc/cpu/cpu_attn_vec.hpp:189
LOW
AIC003Duplicated implementation block across source files
csrc/cpu/cpu_attn_vec.hpp:151
LOW
AIC003Duplicated implementation block across source files
vllm/tokenizers/deepseek_v4.py:45
LOW
AIC003Duplicated implementation block across source files
vllm/renderers/deepseek_v4.py:21
LOW
AIC003Duplicated implementation block across source files
vllm/model_executor/models/mimo_v2.py:30
LOW
AIC003Duplicated implementation block across source files
vllm/model_executor/models/mimo_v2.py:27
LOW
AIC003Duplicated implementation block across source files
vllm/model_executor/models/hy_v3.py:24
LOW
DKR010Dockerfile leaves apt package indexes in the image layer
docker/Dockerfile.rocm:33
LOW
DKR010Dockerfile leaves apt package indexes in the image layer
docker/Dockerfile.xpu:125
LOW
DKR010Dockerfile leaves apt package indexes in the image layer
docker/Dockerfile.xpu:8
LOW
DKR010Dockerfile leaves apt package indexes in the image layer
docker/Dockerfile.rocm_base:173
LOW
DKR010Dockerfile leaves apt package indexes in the image layer
docker/Dockerfile.rocm_base:109
LOW
DKR010Dockerfile leaves apt package indexes in the image layer
docker/Dockerfile.rocm_base:46
LOW
DKR010Dockerfile leaves apt package indexes in the image layer
docker/Dockerfile.nightly_torch:173
LOW
DKR010Dockerfile leaves apt package indexes in the image layer
docker/Dockerfile.nightly_torch:23
LOW
DKR010Dockerfile leaves apt package indexes in the image layer
docker/Dockerfile.cpu:31
LOW
DKR010Dockerfile leaves apt package indexes in the image layer
docker/Dockerfile:765
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm:532
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm:524
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm:519
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm:442
LOW
DKR011Dockerfile installs recommended OS packages
docker/Dockerfile.rocm:430
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm:425
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm:397
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm:393
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm:365
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm:327
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm:241
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm:161
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm:118
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm:37
LOW
DKR011Dockerfile installs recommended OS packages
docker/Dockerfile.rocm:33
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile:867
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.xpu:174
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.xpu:159
LOW
DKR011Dockerfile installs recommended OS packages
docker/Dockerfile.xpu:125
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.xpu:118
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.xpu:109
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.xpu:85
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.tpu:34
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.tpu:31
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.tpu:26
LOW
DKR011Dockerfile installs recommended OS packages
docker/Dockerfile.tpu:8
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.s390x:266
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.s390x:235
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.s390x:201
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.s390x:189
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.s390x:129
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.s390x:110
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.s390x:97
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.s390x:44
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.s390x:36
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm_base:314
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm_base:267
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm_base:263
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm_base:260
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm_base:238
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm_base:221
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm_base:199
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm_base:189
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm_base:178
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm_base:176
LOW
DKR011Dockerfile installs recommended OS packages
docker/Dockerfile.rocm_base:173
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm_base:148
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm_base:110
LOW
DKR011Dockerfile installs recommended OS packages
docker/Dockerfile.rocm_base:109
LOW
DKR011Dockerfile installs recommended OS packages
docker/Dockerfile.rocm_base:62
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm_base:61
LOW
DKR011Dockerfile installs recommended OS packages
docker/Dockerfile.rocm_base:46
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm:498
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.rocm:421
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.ppc64le:342
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.ppc64le:324
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.ppc64le:302
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.ppc64le:238
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.ppc64le:228
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.ppc64le:164
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.ppc64le:132
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.ppc64le:86
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.ppc64le:57
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.nightly_torch:277
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.nightly_torch:268
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.nightly_torch:250
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.nightly_torch:237
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.nightly_torch:216
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.nightly_torch:208
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.nightly_torch:204
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.nightly_torch:188
LOW
DKR011Dockerfile installs recommended OS packages
docker/Dockerfile.nightly_torch:173
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.nightly_torch:109
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.nightly_torch:82
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.nightly_torch:79
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.nightly_torch:71
LOW
DKR011Dockerfile installs recommended OS packages
docker/Dockerfile.nightly_torch:47
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.nightly_torch:38
LOW
DKR011Dockerfile installs recommended OS packages
docker/Dockerfile.nightly_torch:23
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.cpu:249
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.cpu:213
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.cpu:199
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.cpu:187
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.cpu:175
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.cpu:165
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.cpu:150
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.cpu:112
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile.cpu:61
LOW
DKR008.dockerignore misses sensitive defaults
.dockerignore
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile:838
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile:798
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile:778
LOW
DKR011Dockerfile installs recommended OS packages
docker/Dockerfile:765
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile:722
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile:699
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile:675
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile:643
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile:631
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile:609
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile:512
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile:418
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile:257
LOW
DKR012Dockerfile keeps pip download cache
docker/Dockerfile:201
LOW
AIC005Duplicate top-level symbol appears in a patch-style file
vllm/model_executor/models/deepseek_v2.…:1
LOW
AIC005Duplicate top-level symbol appears in a patch-style file
vllm/model_executor/models/hunyuan_v1.py:1
LOW
DKC010Compose service lacks no-new-privileges hardening
examples/observability/prometheus_grafa…:13
LOW
DKC010Compose service lacks no-new-privileges hardening
examples/observability/prometheus_grafa…:4
LOW
AIC002Source file name looks like an AI patch artifact
vllm/transformers_utils/configs/hy_v3.py:1
LOW
AIC002Source file name looks like an AI patch artifact
vllm/transformers_utils/configs/deepsee…:1
LOW
DKC006Compose service does not declare a runtime user
examples/observability/prometheus_grafa…:13
LOW
DKC006Compose service does not declare a runtime user
examples/observability/prometheus_grafa…:4
