| CVE-2026-44346 | high | 8.8 | 8.8 | | | | 7d ago | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs[*].n… |
| CVE-2026-44345 | high | 8.8 | 8.8 | | | | 24d ago | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/_internal/container/frontend/dockerfile/templates/base_v2.j2 in… |
| CVE-2026-40610 | medium | 5.5 | 5.5 | | | | 12d ago | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.38 and prior, the build packaging workflow follows attacker-controlled symli… |
| CVE-2025-32375 | unknown | — | 1.0 | | | | 1y ago | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting… |
| CVE-2025-27520 | unknown | — | 1.0 | | | | 1y ago | BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization |
| CVE-2026-35044 | unknown | — | — | | | | 2mo ago | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the Dockerfile generation function generate_containerfile() in src/bentoml/… |
| CVE-2026-35043 | unknown | — | — | | | | 2mo ago | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/_internal/cloud/deployment.py was … |
| CVE-2026-33744 | unknown | — | — | | | | 2mo ago | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the `docker.system_packages` field in `bentofile.yaml` accepts arbitrary st… |
| CVE-2026-27905 | unknown | — | — | | | | 3mo ago | BentoML Vulnerable to Arbitrary File Write via Symlink Path Traversal in Tar Extraction |
| CVE-2026-24123 | unknown | — | — | | | | 4mo ago | BentoML has a Path Traversal via Bentofile Configuration |
| CVE-2025-54381 | unknown | — | — | | | | 10mo ago | BentoML SSRF Vulnerability in File Upload Processing |
| CVE-2024-9070 | unknown | — | — | | | | 1y ago | BentoML deserialization vulnerability |
| CVE-2024-9056 | unknown | — | — | | | | 1y ago | BentoML Denial of Service (DoS) via Multipart Boundary |
| CVE-2024-2912 | unknown | — | — | | | | 2y ago | Insecure deserialization in BentoML |