---
title: "GitChameleon trust report"
type: "trust-report"
slug: "nizarislah-gitchameleon"
canonical_url: "https://www.graphcanon.com/tools/nizarislah-gitchameleon/trust"
computed_at: "2026-07-11T23:45:36.401Z"
maintenance_label: "Slowing"
security_status: "findings"
---

# GitChameleon trust report

_Sourced [trust signals](/glossary/trust-and-signals/trust-signal) from public GitHub metadata and optional dependency [security scans](/glossary/trust-and-signals/security-scan). Not a security guarantee._

## Maintenance

- Label: Slowing (36% recency signal)
- Days since last push: 358
- Methodology: github_public_v1

## Provenance

- GitHub repo id: 871284013
- Not a fork
- Owner type: User
- Computed at: 2026-07-11T23:45:36.401Z
- Methodology: github_public_v1

## Security scan

- Status: Findings present (3 critical, 10 high, 12 medium, 23 low) · last scan 2026-07-11T23:45:36.847Z

### Findings

- **high**: vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class (vllm@0.6.3 · CVE-2025-6242 · requirements.txt)
- **medium**: vLLM: Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server (vllm@0.6.3 · CVE-2026-34756 · requirements.txt)
- **medium**: vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors (vllm@0.6.3 · CVE-2026-47155 · requirements.txt)
- **low**: Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching (vllm@0.6.3 · CVE-2025-46570 · requirements.txt)
- **medium**: vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving (vllm@0.6.3 · CVE-2026-53923 · requirements.txt)
- **medium**: vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs` (vllm@0.6.3 · CVE-2025-62426 · requirements.txt)
- **medium**: vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server (vllm@0.6.3 · CVE-2025-61620 · requirements.txt)
- **medium**: vLLM: OOM Denial of Service via Audio Decompression Bomb (vllm@0.6.3 · CVE-2026-54233 · requirements.txt)
- **medium**: vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels (vllm@0.6.3 · CVE-2026-54235 · requirements.txt)
- **high**: vLLM vulnerable to remote code execution via transformers_utils/get_config (vllm@0.6.3 · CVE-2025-66448 · requirements.txt)
- **critical**: vLLM: OpenAI auth bypass (vllm@0.6.3 · CVE-2026-48746 · requirements.txt)
- **medium**: vllm has Improper Resource Shutdown or Release (vllm@0.6.3 · CVE-2026-9540 · requirements.txt)
- **high**: Data exposure via ZeroMQ on multi-node vLLM deployment (vllm@0.6.3 · CVE-2025-30202 · requirements.txt)
- **high**: Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration (vllm@0.6.3 · CVE-2025-30165 · requirements.txt)
- **critical**: CVE-2025-24357 Malicious model remote code execution fix bypass with PyTorch < 2.6.0 (vllm@0.6.3 · requirements.txt)
- **medium**: vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router (vllm@0.6.3 · CVE-2026-54236 · requirements.txt)
- **medium**: vLLM Vulnerable to Remote DoS via Special-Token Placeholders (vllm@0.6.3 · CVE-2026-44222 · requirements.txt)
- **medium**: vLLM vulnerable to Regular Expression Denial of Service (vllm@0.6.3 · CVE-2025-71379 · requirements.txt)
- **medium**: vLLM denial of service via outlines unbounded cache on disk (vllm@0.6.3 · CVE-2025-29770 · requirements.txt)
- **critical**: vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object (vllm@0.6.3 · CVE-2024-9052 · requirements.txt)
- **high**: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs (vllm@0.6.3 · CVE-2025-62372 · requirements.txt)
- **high**: vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution (vllm@0.6.3 · CVE-2026-41523 · requirements.txt)
- **high**: vLLM vulnerable to Server-Side Request Forgery (SSRF) through MediaConnector (vllm@0.6.3 · CVE-2026-24779 · requirements.txt)
- **high**: vllm: Malicious model to RCE by torch.load in hf_model_weights_iterator (vllm@0.6.3 · CVE-2025-24357 · requirements.txt)
- **low**: vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache (vllm@0.6.3 · CVE-2025-25183 · requirements.txt)
- **high**: vllm API endpoints vulnerable to Denial of Service Attacks (vllm@0.6.3 · CVE-2025-48956 · requirements.txt)
- **high**: vLLM is vulnerable to timing attack at bearer auth (vllm@0.6.3 · CVE-2025-59425 · requirements.txt)
- **low**: vLLM makes Use of Uninitialized Resource (vllm@0.6.3 · CVE-2026-7141 · requirements.txt)
- **low**: PYSEC-2025-223 (vllm@0.6.3 · CVE-2025-29770 · requirements.txt)
- **low**: PYSEC-2025-42 (vllm@0.6.3 · CVE-2025-32444 · requirements.txt)
- **low**: PYSEC-2025-43 (vllm@0.6.3 · CVE-2025-46722 · requirements.txt)
- **low**: PYSEC-2025-50 (vllm@0.6.3 · CVE-2025-48887 · requirements.txt)
- **low**: PYSEC-2025-53 (vllm@0.6.3 · CVE-2025-46570 · requirements.txt)
- **low**: PYSEC-2025-58 (vllm@0.6.3 · CVE-2025-24357 · requirements.txt)
- **low**: PYSEC-2025-62 (vllm@0.6.3 · CVE-2025-25183 · requirements.txt)
- **low**: vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class (vllm@0.6.3 · CVE-2025-6242 · requirements.txt)
- **low**: vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs` (vllm@0.6.3 · CVE-2025-62426 · requirements.txt)
- **low**: vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server (vllm@0.6.3 · CVE-2025-61620 · requirements.txt)
- **low**: vLLM vulnerable to remote code execution via transformers_utils/get_config (vllm@0.6.3 · CVE-2025-66448 · requirements.txt)
- **low**: Data exposure via ZeroMQ on multi-node vLLM deployment (vllm@0.6.3 · CVE-2025-30202 · requirements.txt)
- **low**: Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration (vllm@0.6.3 · CVE-2025-30165 · requirements.txt)
- **low**: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs (vllm@0.6.3 · CVE-2025-62372 · requirements.txt)
- **low**: vLLM vulnerable to Server-Side Request Forgery (SSRF) through MediaConnector (vllm@0.6.3 · CVE-2026-24779 · requirements.txt)
- **low**: vllm API endpoints vulnerable to Denial of Service Attacks (vllm@0.6.3 · CVE-2025-48956 · requirements.txt)
- **low**: vLLM is vulnerable to timing attack at bearer auth (vllm@0.6.3 · CVE-2025-59425 · requirements.txt)
- **low**: PYSEC-2026-226 (vllm@0.6.3 · CVE-2026-48746 · requirements.txt)
- **low**: PYSEC-2026-227 (vllm@0.6.3 · CVE-2026-54232 · requirements.txt)
- **low**: vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object (vllm@0.6.3 · CVE-2024-9052 · requirements.txt)

## Method and caveats

These are heuristics from public GitHub data and optional dependency scans, sourced and dated. 
"No criticals found on 2026-07-11" is not a guarantee of safety.
See the full methodology: [/trust-methodology](/trust-methodology.md).

## Common questions

### Is GitChameleon maintained?

GraphCanon rates GitChameleon "Slowing" (36% maintenance signal from public GitHub metadata, computed today). Last push was 358 days ago. This is a recency heuristic, not a guarantee the project will stay maintained.

### Is GitChameleon safe to use?

Last scanned today (deps profile). Status: 3 critical, 10 high, 12 medium, 23 low - 3 critical, 10 high, 12 medium, 23 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report. GraphCanon does not certify GitChameleon as safe - review maintenance, provenance, and scan findings on this page before adopting.

### Is GitChameleon a fork?

No. GitChameleon is not flagged as a fork in GitHub metadata at the time of the last refresh.

### Does GitChameleon have known security vulnerabilities?

Last scanned today (deps profile). Status: 3 critical, 10 high, 12 medium, 23 low - 3 critical, 10 high, 12 medium, 23 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report.

### How often is the GitChameleon trust report updated?

Trust signals refresh on GitHub ingest/refresh cycles and optional dependency/MCP scans. This report was computed today (methodology github_public_v1).

### What does GraphCanon never claim about GitChameleon?

We never publish a composite safety grade, pen-test endorsement, or "verified secure" label for GitChameleon. Signals are sourced heuristics with explicit limits - see [trust methodology](/trust-methodology).

### How does GraphCanon assess trust for GitChameleon?

Signals are sourced from public GitHub metadata and optional dependency/MCP manifest scans, each tagged with methodology version and computed date. GraphCanon does not publish a composite safety grade. Read [trust methodology](/trust-methodology) for full scope and limits.

---

**Machine-readable endpoints**

- JSON: [`/api/graphcanon/tools/nizarislah-gitchameleon/trust`](/api/graphcanon/tools/nizarislah-gitchameleon/trust)
- LLM index: [/llms.txt](/llms.txt)
- Full corpus: [/llms-full.txt](/llms-full.txt)

_GraphCanon - The knowledge graph for AI development. https://www.graphcanon.com/_
