26 matches found
cosmos-predict2 (>=1.0.6 <=1.0.9), entity-model (>=1.0.0 <=1.0.9) +19 more potentially affected by CVE-2025-33247 via megatron-core (>=0.10.0 <=0.15.2)
megatron-core PYPI version =0.10.0, =1.0.6, =1.0.0, =5.1.6, =1.0.0, =0.1.0rc0, =0.1.0rc1, =0.1.0, =1.0.0, =2.0.8, =1.0.0, =2.0.8, =1.0.0, =1.0.0, =1.0.7 and more Source cves: CVE-2025-33247 Source advisory: SNYK:PYTHON-MEGATRONCORE-15871031...
cosmos-predict2 (>=1.0.6 <=1.0.9), entity-model (>=1.0.0 <=1.0.9) +19 more potentially affected by CVE-2026-24152 via megatron-core (>=0.10.0 <=0.15.2)
megatron-core PYPI version =0.10.0, =1.0.6, =1.0.0, =5.1.6, =1.0.0, =0.1.0rc0, =0.1.0rc1, =0.1.0, =1.0.0, =2.0.8, =1.0.0, =2.0.8, =1.0.0, =1.0.0, =1.0.7 and more Source cves: CVE-2026-24152 Source advisory: SNYK:PYTHON-MEGATRONCORE-15871035...
CVE-2025-33240
NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-33239
NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
Arbitrary Code Injection
Overview megatron-bridge is a Megatron Bridge: Training Recipes for Megatron-based LLM and VLM models Affected versions of this package are vulnerable to Arbitrary Code Injection via the data shuffling tutorial process. An attacker can execute arbitrary code, escalate privileges, disclose sensiti...
nemo-eval (=0.2.0rc0), nemo-export-deploy (>=0.2.0 <=0.3.1) potentially affected by CVE-2025-33240 via megatron-bridge (=0.2.0rc6)
megatron-bridge PYPI version =0.2.0rc6 is affected by a known vulnerability. The following packages have a transitive dependency on megatron-bridge and may be impacted: - nemo-eval =0.2.0rc0 - nemo-export-deploy =0.2.0, =0.3.1 Source cves: CVE-2025-33240 Source advisory:...
Arbitrary Code Injection
Overview megatron-bridge is a Megatron Bridge: Training Recipes for Megatron-based LLM and VLM models Affected versions of this package are vulnerable to Arbitrary Code Injection via the data merging tutorial process. An attacker can execute arbitrary code, escalate privileges, disclose sensitive...
nemo-eval (=0.2.0rc0), nemo-export-deploy (>=0.2.0 <=0.3.1) potentially affected by CVE-2025-33239 via megatron-bridge (=0.2.0rc6)
megatron-bridge PYPI version =0.2.0rc6 is affected by a known vulnerability. The following packages have a transitive dependency on megatron-bridge and may be impacted: - nemo-eval =0.2.0rc0 - nemo-export-deploy =0.2.0, =0.3.1 Source cves: CVE-2025-33239 Source advisory:...
CVE-2025-33240
NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-33240
NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-33239
NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-33239
NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-33240
CVE-2025-33240 affects NVIDIA Megatron Bridge. The vulnerability is a data shuffling tutorial input handling flaw that could allow code injection, with potential for code execution, privilege escalation, information disclosure, and data tampering. NVIDIA’s security bulletin (and Red Hat/CIRCL/Sny...
CVE-2025-33240
NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-33240
NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-33239
NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-33239
NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-33239
CVE-2025-33239 affects NVIDIA Megatron Bridge. Reports confirm a vulnerability in the data merging tutorial that can be triggered by malicious input, with potential consequences including code execution, privilege escalation, information disclosure, and data tampering. Multiple sources (NVD/Red H...
PT-2026-20401
Name of the Vulnerable Software and Affected Versions NVIDIA Megatron Bridge affected versions not specified Description The software contains a flaw in a data shuffling tutorial that could allow code injection with malicious input. Exploitation may lead to code execution, privilege escalation,...
NVIDIA Megatron Bridge 代码注入漏洞
NVIDIA Megatron Bridge is a component developed by NVIDIA Corporation in the United States that connects Hugging Face and Megatron-Core. NVIDIA Megatron Bridge has a code injection vulnerability. This vulnerability arises from malicious inputs in the data shuffling tutorial, which may lead to cod...