Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-w2pm-x38x-jp44
  • PyPI/bentoml
 Dockerfile command injection via envs[*].name in bentofile.yaml (sibling fix-bypass of CVE-2026-33744 and CVE-2026-35043) 11 May
  • Fix available
  • Severity - 8.8 (High)
GHSA-78f9-r8mh-4xm2
  • PyPI/bentoml
 BentoML Dockerfile command injection via docker.base_image (sister of pending GHSA-w2pm-x38x-jp44 / CVE-2026-33744 / CVE-2026-35043) 11 May
  • Fix available
  • Severity - 8.8 (High)
GHSA-mcfx-4vc6-qgxv
  • PyPI/bentoml
 BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context 07 May
  • Fix available
  • Severity - 5.5 (Medium)
PYSEC-2026-159
  • PyPI/bentoml
 See record for full details 06 Apr
  • Fix available
  • Severity - 9.6 (Critical)
PYSEC-2026-158
  • PyPI/bentoml
 See record for full details 06 Apr
  • Fix available
  • Severity - 7.8 (High)
GHSA-v959-cwq9-7hr6
  • PyPI/bentoml
 BentoML: SSTI via Unsandboxed Jinja2 in Dockerfile Generation 03 Apr
  • Fix available
  • Severity - 8.8 (High)
GHSA-fgv4-6jr3-jgfw
  • PyPI/bentoml
 BentoML: Command Injection in cloud deployment setup script 03 Apr
  • Fix available
  • Severity - 7.8 (High)
PYSEC-2026-157
  • PyPI/bentoml
 See record for full details 27 Mar
  • Fix available
  • Severity - 7.8 (High)
GHSA-jfjg-vc52-wqvf
  • PyPI/bentoml
 BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml 26 Mar
  • Fix available
  • Severity - 7.8 (High)
GHSA-m6w7-qv66-g3mf
  • PyPI/bentoml
 BentoML Vulnerable to Arbitrary File Write via Symlink Path Traversal in Tar Extraction 03 Mar
  • Fix available
  • Severity - 8.6 (High)
GHSA-6r62-w2q3-48hf
  • PyPI/bentoml
 BentoML has a Path Traversal via Bentofile Configuration 26 Jan
  • Fix available
  • Severity - 7.4 (High)
GHSA-mrmq-3q62-6cc8
  • PyPI/bentoml
 BentoML SSRF Vulnerability in File Upload Processing 29 Jul 2025
  • Fix available
  • Severity - 9.9 (Critical)
PYSEC-2025-32
  • PyPI/bentoml
 See record for full details 09 Apr 2025
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-7v4r-c989-xh26
  • PyPI/bentoml
 BentoML's runner server Vulnerable to Remote Code Execution (RCE) via Insecure Deserialization 09 Apr 2025
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-33xw-247w-6hmc
  • PyPI/bentoml
 BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization 04 Apr 2025
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-9g44-gwvm-hc44
  • PyPI/bentoml
 BentoML deserialization vulnerability 20 Mar 2025
  • No fix available
  • Severity - 9.8 (Critical)
Load more...(1 page left)