---
title: "cceval trust report"
type: "trust-report"
slug: "amazon-science-cceval"
canonical_url: "https://www.graphcanon.com/tools/amazon-science-cceval/trust"
computed_at: "2026-07-11T23:46:07.057Z"
maintenance_label: "Slowing"
security_status: "findings"
---

# cceval trust report

_Sourced [trust signals](/glossary/trust-and-signals/trust-signal) from public GitHub metadata and optional dependency [security scans](/glossary/trust-and-signals/security-scan). Not a security guarantee._

## Maintenance

- Label: Slowing (36% recency signal)
- Days since last push: 330
- Methodology: github_public_v1

## Provenance

- GitHub repo id: 705470018
- Not a fork
- Owner type: Organization
- Computed at: 2026-07-11T23:46:07.057Z
- Methodology: github_public_v1

## Security scan

- Status: Findings present (5 critical, 7 high, 8 medium, 21 low) · last scan 2026-07-11T23:46:07.567Z

### Findings

- **medium**: vLLM: Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server (vllm@0.3.3 · CVE-2026-34756 · requirements.txt)
- **medium**: vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors (vllm@0.3.3 · CVE-2026-47155 · requirements.txt)
- **low**: Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching (vllm@0.3.3 · CVE-2025-46570 · requirements.txt)
- **critical**: vLLM Deserialization of Untrusted Data vulnerability (vllm@0.3.3 · CVE-2024-11041 · requirements.txt)
- **medium**: vLLM: OOM Denial of Service via Audio Decompression Bomb (vllm@0.3.3 · CVE-2026-54233 · requirements.txt)
- **medium**: vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels (vllm@0.3.3 · CVE-2026-54235 · requirements.txt)
- **high**: vLLM vulnerable to remote code execution via transformers_utils/get_config (vllm@0.3.3 · CVE-2025-66448 · requirements.txt)
- **critical**: vLLM: OpenAI auth bypass (vllm@0.3.3 · CVE-2026-48746 · requirements.txt)
- **medium**: vllm has Improper Resource Shutdown or Release (vllm@0.3.3 · CVE-2026-9540 · requirements.txt)
- **critical**: vLLM allows Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC server entrypoints (vllm@0.3.3 · CVE-2024-9053 · requirements.txt)
- **critical**: CVE-2025-24357 Malicious model remote code execution fix bypass with PyTorch < 2.6.0 (vllm@0.3.3 · requirements.txt)
- **medium**: vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router (vllm@0.3.3 · CVE-2026-54236 · requirements.txt)
- **medium**: vLLM denial of service via outlines unbounded cache on disk (vllm@0.3.3 · CVE-2025-29770 · requirements.txt)
- **critical**: vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object (vllm@0.3.3 · CVE-2024-9052 · requirements.txt)
- **high**: vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution (vllm@0.3.3 · CVE-2026-41523 · requirements.txt)
- **high**: vLLM vulnerable to Server-Side Request Forgery (SSRF) through MediaConnector (vllm@0.3.3 · CVE-2026-24779 · requirements.txt)
- **high**: vllm: Malicious model to RCE by torch.load in hf_model_weights_iterator (vllm@0.3.3 · CVE-2025-24357 · requirements.txt)
- **low**: vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache (vllm@0.3.3 · CVE-2025-25183 · requirements.txt)
- **high**: vllm API endpoints vulnerable to Denial of Service Attacks (vllm@0.3.3 · CVE-2025-48956 · requirements.txt)
- **high**: vLLM denial of service vulnerability (vllm@0.3.3 · CVE-2024-8768 · requirements.txt)
- **medium**: vLLM Denial of Service via the best_of parameter (vllm@0.3.3 · CVE-2024-8939 · requirements.txt)
- **high**: vLLM is vulnerable to timing attack at bearer auth (vllm@0.3.3 · CVE-2025-59425 · requirements.txt)
- **low**: vLLM makes Use of Uninitialized Resource (vllm@0.3.3 · CVE-2026-7141 · requirements.txt)
- **low**: PYSEC-2025-222 (vllm@0.3.3 · CVE-2024-9053 · requirements.txt)
- **low**: PYSEC-2025-223 (vllm@0.3.3 · CVE-2025-29770 · requirements.txt)
- **low**: PYSEC-2025-42 (vllm@0.3.3 · CVE-2025-32444 · requirements.txt)
- **low**: PYSEC-2025-43 (vllm@0.3.3 · CVE-2025-46722 · requirements.txt)
- **low**: PYSEC-2025-50 (vllm@0.3.3 · CVE-2025-48887 · requirements.txt)
- **low**: PYSEC-2025-53 (vllm@0.3.3 · CVE-2025-46570 · requirements.txt)
- **low**: PYSEC-2025-58 (vllm@0.3.3 · CVE-2025-24357 · requirements.txt)
- **low**: PYSEC-2025-62 (vllm@0.3.3 · CVE-2025-25183 · requirements.txt)
- **low**: vLLM vulnerable to remote code execution via transformers_utils/get_config (vllm@0.3.3 · CVE-2025-66448 · requirements.txt)
- **low**: vLLM vulnerable to Server-Side Request Forgery (SSRF) through MediaConnector (vllm@0.3.3 · CVE-2026-24779 · requirements.txt)
- **low**: vllm API endpoints vulnerable to Denial of Service Attacks (vllm@0.3.3 · CVE-2025-48956 · requirements.txt)
- **low**: vLLM denial of service vulnerability (vllm@0.3.3 · CVE-2024-8768 · requirements.txt)
- **low**: vLLM Denial of Service via the best_of parameter (vllm@0.3.3 · CVE-2024-8939 · requirements.txt)
- **low**: vLLM is vulnerable to timing attack at bearer auth (vllm@0.3.3 · CVE-2025-59425 · requirements.txt)
- **low**: PYSEC-2026-226 (vllm@0.3.3 · CVE-2026-48746 · requirements.txt)
- **low**: PYSEC-2026-227 (vllm@0.3.3 · CVE-2026-54232 · requirements.txt)
- **low**: vLLM Deserialization of Untrusted Data vulnerability (vllm@0.3.3 · CVE-2024-11041 · requirements.txt)
- **low**: vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object (vllm@0.3.3 · CVE-2024-9052 · requirements.txt)

## Method and caveats

These are heuristics from public GitHub data and optional dependency scans, sourced and dated. 
"No criticals found on 2026-07-11" is not a guarantee of safety.
See the full methodology: [/trust-methodology](/trust-methodology.md).

## Common questions

### Is cceval maintained?

GraphCanon rates cceval "Slowing" (36% maintenance signal from public GitHub metadata, computed today). Last push was 330 days ago. This is a recency heuristic, not a guarantee the project will stay maintained.

### Is cceval safe to use?

Last scanned today (deps profile). Status: 5 critical, 7 high, 8 medium, 21 low - 5 critical, 7 high, 8 medium, 21 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report. GraphCanon does not certify cceval as safe - review maintenance, provenance, and scan findings on this page before adopting.

### Is cceval a fork?

No. cceval is not flagged as a fork in GitHub metadata at the time of the last refresh.

### Does cceval have known security vulnerabilities?

Last scanned today (deps profile). Status: 5 critical, 7 high, 8 medium, 21 low - 5 critical, 7 high, 8 medium, 21 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report.

### How often is the cceval trust report updated?

Trust signals refresh on GitHub ingest/refresh cycles and optional dependency/MCP scans. This report was computed today (methodology github_public_v1).

### What does GraphCanon never claim about cceval?

We never publish a composite safety grade, pen-test endorsement, or "verified secure" label for cceval. Signals are sourced heuristics with explicit limits - see [trust methodology](/trust-methodology).

### How does GraphCanon assess trust for cceval?

Signals are sourced from public GitHub metadata and optional dependency/MCP manifest scans, each tagged with methodology version and computed date. GraphCanon does not publish a composite safety grade. Read [trust methodology](/trust-methodology) for full scope and limits.

---

**Machine-readable endpoints**

- JSON: [`/api/graphcanon/tools/amazon-science-cceval/trust`](/api/graphcanon/tools/amazon-science-cceval/trust)
- LLM index: [/llms.txt](/llms.txt)
- Full corpus: [/llms-full.txt](/llms-full.txt)

_GraphCanon - The knowledge graph for AI development. https://www.graphcanon.com/_
