22 Total advisories
22 Vulnerabilities
0 Malware
Vulnerabilities
| Severity | Score | ID | Advisory |
| --- | --- | --- | --- |
| CRITICAL | 9.8 | CVE-2025-32375 | CVE-2025-32375 |
| CRITICAL | 9.8 | CVE-2025-32375 | BentoML's runner server Vulnerable to Remote Code Execution (RCE) via Insecure Deserialization |
| HIGH | 8.8 | CVE-2026-44346 | Dockerfile command injection via envs[*].name in bentofile.yaml (sibling fix-bypass of CVE-2026-33744 and CVE-2026-35043) |
| HIGH | 8.8 | CVE-2026-44345 | BentoML Dockerfile command injection via docker.base_image (sister of pending GHSA-w2pm-x38x-jp44 / CVE-2026-33744 / CVE-2026-35043) |
| MEDIUM | 5.5 | CVE-2026-40610 | BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context |
| HIGH | 7.8 | CVE-2026-35043 | BentoML: Command Injection in cloud deployment setup script |
| HIGH | 7.8 | CVE-2026-33744 | BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml |
| HIGH | 8.8 | CVE-2026-35044 | BentoML: SSTI via Unsandboxed Jinja2 in Dockerfile Generation |
| HIGH | 8.8 | CVE-2026-44345 | CVE-2026-44345 |
| HIGH | 8.8 | CVE-2026-44346 | CVE-2026-44346 |
| CRITICAL | 9.6 | CVE-2026-35044 | CVE-2026-35044 |
| HIGH | 7.8 | CVE-2026-35043 | CVE-2026-35043 |
| HIGH | 7.8 | CVE-2026-33744 | CVE-2026-33744 |
| UNKNOWN | | CVE-2026-27905 | BentoML Vulnerable to Arbitrary File Write via Symlink Path Traversal in Tar Extraction |
| HIGH | 7.4 | CVE-2026-24123 | BentoML has a Path Traversal via Bentofile Configuration |
| HIGH | 7.5 | CVE-2024-9056 | BentoML Denial of Service (DoS) via Multipart Boundary |
| CRITICAL | 9.9 | CVE-2025-54381 | BentoML SSRF Vulnerability in File Upload Processing |
| MEDIUM | 6.1 | GHSA-564p-rx2q-4c8v | BentoML Open Redirect vulnerability |
| HIGH | 7.5 | GHSA-hh3j-9m59-p8vc | BentoML vulnerable to Uncontrolled Resource Consumption |
| CRITICAL | 9.8 | CVE-2025-27520 | BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization |
| CRITICAL | 9.8 | CVE-2024-9070 | BentoML deserialization vulnerability |
| CRITICAL | 9.8 | CVE-2024-2912 | Insecure deserialization in BentoML |