555 matches found
MAL-2026-2491 Malicious code in @not-nemo/crypto-tracker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f3d07c3fa41dbb4ad057bb2b346b271dcbef43545376e8a8ad252d64abd7e25 The package @not-nemo/crypto-tracker was found to contain malicious code. Source: ghsa-malware...
Malicious code in @not-nemo/crypto-tracker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f3d07c3fa41dbb4ad057bb2b346b271dcbef43545376e8a8ad252d64abd7e25 The package @not-nemo/crypto-tracker was found to contain malicious code. Source: ghsa-malware...
CVE-2026-24165
NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...
CVE-2026-24164
Summary: CVE-2026-24164 affects NVIDIA BioNeMo Framework. A deserialization of untrusted data could be exploited to achieve code execution, denial of service, information disclosure, or data tampering. The NVIDIA security bulletin states affected versions require updating to include commit e5e58c...
NVIDIA BioNeMo 代码问题漏洞
NVIDIA BioNeMo is a generative AI model development and training platform for the biomedical field developed by NVIDIA Corporation. NVIDIA BioNeMo has code vulnerabilities, which stem from the deserialization of unreliable data. These vulnerabilities may lead to code execution, denial of service,...
CVE-2026-24159
NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering...
CVE-2026-24157
NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering...
cosmos-predict2 (>=1.0.6 <=1.0.9), entity-model (>=1.0.0 <=1.0.9) +19 more potentially affected by CVE-2025-33247 via megatron-core (>=0.10.0 <=0.15.2)
megatron-core PYPI version =0.10.0, =1.0.6, =1.0.0, =5.1.6, =1.0.0, =0.1.0rc0, =0.1.0rc1, =0.1.0, =1.0.0, =2.0.8, =1.0.0, =2.0.8, =1.0.0, =1.0.0, =1.0.7 and more Source cves: CVE-2025-33247 Source advisory: SNYK:PYTHON-MEGATRONCORE-15871031...
cosmos-predict2 (>=1.0.6 <=1.0.9), entity-model (>=1.0.0 <=1.0.9) +19 more potentially affected by CVE-2026-24152 via megatron-core (>=0.10.0 <=0.15.2)
megatron-core PYPI version =0.10.0, =1.0.6, =1.0.0, =5.1.6, =1.0.0, =0.1.0rc0, =0.1.0rc1, =0.1.0, =1.0.0, =2.0.8, =1.0.0, =2.0.8, =1.0.0, =1.0.0, =1.0.7 and more Source cves: CVE-2026-24152 Source advisory: SNYK:PYTHON-MEGATRONCORE-15871035...
entity-model (>=1.0.0 <=1.0.9), fast-whisper-diarizer (>=0.1.2 <=0.1.32) +24 more potentially affected by CVE-2026-24157 via nemo-toolkit (>=2.0.0rc0 <=2.6.1)
nemo-toolkit PYPI version =2.0.0rc0, =1.0.0, =0.1.2, =0.2.7, =5.1.6, =1.0.0, =0.0.1, =0.0.1, =0.1.1, =0.1.0, =1.0.0, =2.0.8, =1.0.0, =5.0.7 and more Source cves: CVE-2026-24157 Source advisory: SNYK:PYTHON-NEMOTOOLKIT-15912166...
entity-model (>=1.0.0 <=1.0.9), fast-whisper-diarizer (>=0.1.2 <=0.1.32) +24 more potentially affected by CVE-2026-24159 via nemo-toolkit (>=2.0.0rc0 <=2.6.1)
nemo-toolkit PYPI version =2.0.0rc0, =1.0.0, =0.1.2, =0.2.7, =5.1.6, =1.0.0, =0.0.1, =0.0.1, =0.1.1, =0.1.0, =1.0.0, =2.0.8, =1.0.0, =5.0.7 and more Source cves: CVE-2026-24159 Source advisory: SNYK:PYTHON-NEMOTOOLKIT-15912093...
GHSA-V7V2-M736-CF3C NVIDIA NeMo Framework contains a vulnerability leading to Remote Code Execution
NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering...
entity-model (>=1.0.0 <=1.0.9), fast-whisper-diarizer (>=0.1.2 <=0.1.32) +29 more potentially affected by CVE-2026-24157 via nemo-toolkit (>=1.23.0 <=2.6.1)
nemo-toolkit PYPI version =1.23.0, =1.0.0, =0.1.2, =0.2.7, =5.1.6, =1.0.0, =0.0.1, =0.0.1, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.2.3a1 and more Source cves: CVE-2026-24157 Source advisory: OSV:GHSA-M4JW-WGMF-889X...
entity-model (>=1.0.0 <=1.0.9), fast-whisper-diarizer (>=0.1.2 <=0.1.32) +29 more potentially affected by CVE-2026-24159 via nemo-toolkit (>=1.23.0 <=2.6.1)
nemo-toolkit PYPI version =1.23.0, =1.0.0, =0.1.2, =0.2.7, =5.1.6, =1.0.0, =0.0.1, =0.0.1, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.2.3a1 and more Source cves: CVE-2026-24159 Source advisory: OSV:GHSA-V7V2-M736-CF3C...
NVIDIA NeMo Framework contains an RCE vulnerability in checkpoint loading
NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering...
NVIDIA NeMo Framework contains a vulnerability leading to Remote Code Execution
NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering...
GHSA-M4JW-WGMF-889X NVIDIA NeMo Framework contains an RCE vulnerability in checkpoint loading
NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering...
Deserialization of Untrusted Data
Overview nemo-toolkit is a NeMo - a toolkit for Conversational AI Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the torch.load checkpoint and model import paths in the nemo collections and checkpoint utilities. An attacker can execute arbitrary code...
Deserialization of Untrusted Data
Overview nemo-toolkit is a NeMo - a toolkit for Conversational AI Affected versions of this package are vulnerable to Deserialization of Untrusted Data the HFCheckpointIO checkpoint-loading process in nemo/lightning/io/hf.py. An attacker can execute arbitrary code on the victim system by supplyin...
CVE-2026-24157
NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering...