VIR Vulnerability Intelligence Relay

Package impact

python PyPI / bentoml

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-44346 high 8.8 8.8 10h ago Dockerfile command injection via envs[*].name in bentofile.yaml (sibling fix-bypass of CVE-2026-33744 and CVE-2026-35043) python
CVE-2026-44345 high 8.8 8.8 17d ago BentoML Dockerfile command injection via docker.base_image (sister of pending GHSA-w2pm-x38x-jp44 / CVE-2026-33744 / CVE-2026-35043) python
CVE-2026-40610 medium 5.5 5.5 5d ago BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context python
CVE-2026-35044 unknown 2mo ago BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the Dockerfile generation function generate_containerfile() in src/bentoml/… python
CVE-2026-35043 unknown 2mo ago BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/_internal/cloud/deployment.py was … python
CVE-2026-33744 unknown 2mo ago BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the `docker.system_packages` field in `bentofile.yaml` accepts arbitrary st… python
CVE-2026-27905 unknown 3mo ago BentoML Vulnerable to Arbitrary File Write via Symlink Path Traversal in Tar Extraction python
CVE-2026-24123 unknown 4mo ago BentoML has a Path Traversal via Bentofile Configuration python
CVE-2025-54381 unknown 10mo ago BentoML SSRF Vulnerability in File Upload Processing python
CVE-2025-32375 unknown 1y ago BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting… python
CVE-2025-27520 unknown 1y ago BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization python
CVE-2024-9070 unknown 1y ago BentoML deserialization vulnerability python
CVE-2024-9056 unknown 1y ago BentoML Denial of Service (DoS) via Multipart Boundary python
CVE-2024-2912 unknown 2y ago Insecure deserialization in BentoML python