bentoml vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-44346 | High | bentoml: Dockerfile command injection via envs[*].name in bentofile.yaml (sibling fix-bypass of… |
| CVE-2026-44345 | High | bentoml: BentoML Dockerfile command injection via docker.base_image (sister of pending GHSA-w2pm-x38x-jp44 /… |
| CVE-2026-40610 | Medium | bentoml: BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context |
| CVE-2026-35044 | High | bentoml: BentoML: SSTI via Unsandboxed Jinja2 in Dockerfile Generation |
| CVE-2026-35043 | High | bentoml: BentoML: Command Injection in cloud deployment setup script |
| CVE-2026-33744 | High | bentoml: BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml |
| CVE-2026-27905 | High | bentoml: BentoML Vulnerable to Arbitrary File Write via Symlink Path Traversal in Tar Extraction |
| CVE-2026-24123 | High | bentoml: BentoML has a Path Traversal via Bentofile Configuration |
| CVE-2025-54381 | Critical | bentoml: BentoML SSRF Vulnerability in File Upload Processing |
| CVE-2025-32375 | Critical | bentoml: BentoML's runner server Vulnerable to Remote Code Execution (RCE) via Insecure Deserialization |
| CVE-2025-27520 | Critical | bentoml: BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization |
| CVE-2024-9070 | Critical | bentoml: BentoML deserialization vulnerability |
| CVE-2024-9056 | High | bentoml: BentoML Denial of Service (DoS) via Multipart Boundary |
| GHSA-564P-RX2Q-4C8V | Medium | bentoml: BentoML Open Redirect vulnerability |
| GHSA-HH3J-9M59-P8VC | High | bentoml: BentoML vulnerable to Uncontrolled Resource Consumption |
| CVE-2024-2912 | Critical | bentoml: Insecure deserialization in BentoML |
