Package impact
PyPI / bentoml
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44346 | high | 8.8 | 8.8 | | | | 2d ago | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs[*].n… |
| CVE-2026-44345 | high | 8.8 | 8.8 | | | | 18d ago | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/_internal/container/frontend/dockerfile/templates/base_v2.j2 in… |
| CVE-2026-40610 | medium | 5.5 | 5.5 | | | | 7d ago | BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context |