CVE-2025-33236

NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

CVE-2025-33245

NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

CVE-2025-33252

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...

CVE-2025-33243

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

CVE-2025-33250

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...

fast-whisper-diarizer (>=0.1.2 <=0.1.32), faster-whisper-hotkey (>=0.2.7 <=0.4.3) +10 more potentially affected by CVE-2025-33253 via nemo-toolkit (>=2.0.0rc0 <=2.5.3)

nemo-toolkit PYPI version =2.0.0rc0, =0.1.2, =0.2.7, =1.0.0, =0.0.1, =0.0.1, =0.1.1, =0.1.0, =1.0.0, =1.0.7 Source cves: CVE-2025-33253 Source advisory: SNYK:PYTHON-NEMOTOOLKIT-15325663...

fast-whisper-diarizer (>=0.1.2 <=0.1.32), faster-whisper-hotkey (>=0.2.7 <=0.4.3) +15 more potentially affected by CVE-2025-33253 via nemo-toolkit (>=1.23.0 <=2.5.3)

nemo-toolkit PYPI version =1.23.0, =0.1.2, =0.2.7, =1.0.0, =0.0.1, =0.0.1, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.0.3, =0.0.4 and more Source cves: CVE-2025-33253 Source advisory: OSV:GHSA-HVJW-VP7G-39H5...

Deserialization of Untrusted Data

Overview nemo-toolkit is a NeMo - a toolkit for Conversational AI Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialization process in the receivegenerateinfo function of audiotextgenerationutils.py. An attacker can execute arbitrary code, cause...

NVIDIA NeMo Framework Deserializes Untrusted Data

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...

GHSA-HVJW-VP7G-39H5 NVIDIA NeMo Framework Deserializes Untrusted Data

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...

GHSA-9379-MWVR-7WXX NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution

NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

fast-whisper-diarizer (>=0.1.2 <=0.1.32), faster-whisper-hotkey (>=0.2.7 <=0.4.3) +10 more potentially affected by CVE-2025-33245 via nemo-toolkit (>=2.0.0rc0 <=2.5.3)

nemo-toolkit PYPI version =2.0.0rc0, =0.1.2, =0.2.7, =1.0.0, =0.0.1, =0.0.1, =0.1.1, =0.1.0, =1.0.0, =1.0.7 Source cves: CVE-2025-33245 Source advisory: SNYK:PYTHON-NEMOTOOLKIT-15325666...

fast-whisper-diarizer (>=0.1.2 <=0.1.32), faster-whisper-hotkey (>=0.2.7 <=0.4.3) +15 more potentially affected by CVE-2025-33245 via nemo-toolkit (>=1.23.0 <=2.5.3)

nemo-toolkit PYPI version =1.23.0, =0.1.2, =0.2.7, =1.0.0, =0.0.1, =0.0.1, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.0.3, =0.0.4 and more Source cves: CVE-2025-33245 Source advisory: OSV:GHSA-9379-MWVR-7WXX...

Deserialization of Untrusted Data

Overview nemo-toolkit is a NeMo - a toolkit for Conversational AI Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the model loading process with weightsonly=False. An attacker can execute arbitrary code, escalate privileges, disclose sensitive information...

NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution

NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

nemo-eval (=0.2.0rc0), nemo-export-deploy (>=0.2.0 <=0.3.1) potentially affected by CVE-2025-33240 via megatron-bridge (=0.2.0rc6)

megatron-bridge PYPI version =0.2.0rc6 is affected by a known vulnerability. The following packages have a transitive dependency on megatron-bridge and may be impacted: - nemo-eval =0.2.0rc0 - nemo-export-deploy =0.2.0, =0.3.1 Source cves: CVE-2025-33240 Source advisory:...

nemo-eval (=0.2.0rc0), nemo-export-deploy (>=0.2.0 <=0.3.1) potentially affected by CVE-2025-33239 via megatron-bridge (=0.2.0rc6)

megatron-bridge PYPI version =0.2.0rc6 is affected by a known vulnerability. The following packages have a transitive dependency on megatron-bridge and may be impacted: - nemo-eval =0.2.0rc0 - nemo-export-deploy =0.2.0, =0.3.1 Source cves: CVE-2025-33239 Source advisory:...

CVE-2025-33252

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...

CVE-2025-33253

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...

CVE-2025-33253

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...