557 matches found
MAL-2025-9198 Malicious code in @patrten/nemo-cupiditate-labore (npm)
The package @patrten/nemo-cupiditate-labore was found to contain malicious code...
MAL-2025-7714 Malicious code in @crabas0npm2/reprehenderit-dolor-nemo (npm)
The package @crabas0npm2/reprehenderit-dolor-nemo was found to contain malicious code...
MAL-2025-7404 Malicious code in @crabas0npm/nemo-error-dolore (npm)
The package @crabas0npm/nemo-error-dolore was found to contain malicious code...
MAL-2025-7883 Malicious code in @erboladaiteas/harum-nemo-dignissimos (npm)
The package @erboladaiteas/harum-nemo-dignissimos was found to contain malicious code...
MAL-2025-9403 Malicious code in @taktikangea/blanditiis-nemo (npm)
The package @taktikangea/blanditiis-nemo was found to contain malicious code...
MAL-2025-9640 Malicious code in @waitfortea2024/nemo-nisi-sint (npm)
The package @waitfortea2024/nemo-nisi-sint was found to contain malicious code...
MAL-2025-9450 Malicious code in @taktikangea/nemo-fugiat-at-accusamus (npm)
The package @taktikangea/nemo-fugiat-at-accusamus was found to contain malicious code...
MAL-2025-9449 Malicious code in @taktikangea/nemo-deleniti-vitae (npm)
The package @taktikangea/nemo-deleniti-vitae was found to contain malicious code...
MAL-2025-7403 Malicious code in @crabas0npm/nemo-amet-autem (npm)
The package @crabas0npm/nemo-amet-autem was found to contain malicious code...
MAL-2025-7244 Malicious code in @crabas0npm/dignissimos-inventore-nemo (npm)
The package @crabas0npm/dignissimos-inventore-nemo was found to contain malicious code...
Malicious code in @crabas0npm/nemo-sapiente-iste (npm)
The package @crabas0npm/nemo-sapiente-iste was found to contain malicious code...
MAL-2025-7519 Malicious code in @crabas0npm/rem-atque-nemo (npm)
The package @crabas0npm/rem-atque-nemo was found to contain malicious code...
CVE-2025-23303
NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering...
CVE-2025-23304
NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to remote code execution and data tampering...
CVE-2025-23304
NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to remote code execution and data tampering...
CVE-2025-23303
NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering...
Deserialization of Untrusted Data
Overview nemo-toolkit is a NeMo - a toolkit for Conversational AI Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the deserialization of untrusted data. An attacker can execute arbitrary code and tamper with data by providing specially crafted input th...
fast-whisper-diarizer (>=0.1.2 <=0.1.32), faster-whisper-hotkey (>=0.2.7 <=0.4.3) +7 more potentially affected by CVE-2025-23303 via nemo-toolkit (>=2.0.0rc0 <=2.3.0)
nemo-toolkit PYPI version =2.0.0rc0, =0.1.2, =0.2.7, =1.0.0, =0.1.0, =1.0.0, =1.0.7 Source cves: CVE-2025-23303 Source advisory: SNYK:PYTHON-NEMOTOOLKIT-12089392...
fast-whisper-diarizer (>=0.1.2 <=0.1.32), faster-whisper-hotkey (>=0.2.7 <=0.4.3) +7 more potentially affected by CVE-2025-23304 via nemo-toolkit (>=2.0.0rc0 <=2.3.0)
nemo-toolkit PYPI version =2.0.0rc0, =0.1.2, =0.2.7, =1.0.0, =0.1.0, =1.0.0, =1.0.7 Source cves: CVE-2025-23304 Source advisory: SNYK:PYTHON-NEMOTOOLKIT-11953977...
Directory Traversal
Overview nemo-toolkit is a NeMo - a toolkit for Conversational AI Affected versions of this package are vulnerable to Directory Traversal via the model loading process. An attacker can execute arbitrary code and tamper with data by supplying a .nemo file containing maliciously crafted metadata...