Lucene search
K

26 matches found

Snyk
Snyk
added 2026/03/24 10:30 p.m.2 views

Deserialization of Untrusted Data

Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the hybrid conversion script. An attacker can execute arbitrary code, escalate privileges...

8.5CVSS6.1AI score0.00208EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/24 10:30 p.m.4 views

cosmos-predict2 (>=1.0.6 <=1.0.9), entity-model (>=1.0.0 <=1.0.9) +19 more potentially affected by CVE-2025-33248 via megatron-core (>=0.10.0 <=0.15.2)

megatron-core PYPI version =0.10.0, =1.0.6, =1.0.0, =5.1.6, =1.0.0, =0.1.0rc0, =0.1.0rc1, =0.1.0, =1.0.0, =2.0.8, =1.0.0, =2.0.8, =1.0.0, =1.0.0, =1.0.7 and more Source cves: CVE-2025-33248 Source advisory: SNYK:PYTHON-MEGATRONCORE-15871032...

7.8CVSS5.4AI score0.00208EPSS
Exploits0
Snyk
Snyk
added 2026/03/24 10:30 p.m.3 views

Deserialization of Untrusted Data

Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the quantization configuration loading process. An attacker can execute arbitrary code,...

8.5CVSS6.1AI score0.00322EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/24 10:30 p.m.2 views

cosmos-predict2 (>=1.0.6 <=1.0.9), entity-model (>=1.0.0 <=1.0.9) +19 more potentially affected by CVE-2025-33247 via megatron-core (>=0.10.0 <=0.15.2)

megatron-core PYPI version =0.10.0, =1.0.6, =1.0.0, =5.1.6, =1.0.0, =0.1.0rc0, =0.1.0rc1, =0.1.0, =1.0.0, =2.0.8, =1.0.0, =2.0.8, =1.0.0, =1.0.0, =1.0.7 and more Source cves: CVE-2025-33247 Source advisory: SNYK:PYTHON-MEGATRONCORE-15871031...

7.8CVSS5.4AI score0.00322EPSS
Exploits0
Snyk
Snyk
added 2026/03/24 10:30 p.m.3 views

Deserialization of Untrusted Data

Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the inferencing process. An attacker can execute arbitrary code, escalate privileges,...

8.5CVSS6.1AI score0.00208EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/24 10:30 p.m.3 views

Deserialization of Untrusted Data

Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the checkpoint loading process. An attacker can execute arbitrary code, escalate...

8.5CVSS6.1AI score0.00208EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/24 10:30 p.m.3 views

cosmos-predict2 (>=1.0.6 <=1.0.9), entity-model (>=1.0.0 <=1.0.9) +19 more potentially affected by CVE-2026-24151 via megatron-core (>=0.10.0 <=0.15.2)

megatron-core PYPI version =0.10.0, =1.0.6, =1.0.0, =5.1.6, =1.0.0, =0.1.0rc0, =0.1.0rc1, =0.1.0, =1.0.0, =2.0.8, =1.0.0, =2.0.8, =1.0.0, =1.0.0, =1.0.7 and more Source cves: CVE-2026-24151 Source advisory: SNYK:PYTHON-MEGATRONCORE-15871034...

7.8CVSS5.4AI score0.00208EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/24 10:30 p.m.2 views

cosmos-predict2 (>=1.0.6 <=1.0.9), entity-model (>=1.0.0 <=1.0.9) +19 more potentially affected by CVE-2026-24150 via megatron-core (>=0.10.0 <=0.15.2)

megatron-core PYPI version =0.10.0, =1.0.6, =1.0.0, =5.1.6, =1.0.0, =0.1.0rc0, =0.1.0rc1, =0.1.0, =1.0.0, =2.0.8, =1.0.0, =2.0.8, =1.0.0, =1.0.0, =1.0.7 and more Source cves: CVE-2026-24150 Source advisory: SNYK:PYTHON-MEGATRONCORE-15871033...

7.8CVSS5.4AI score0.00208EPSS
Exploits0
Snyk
Snyk
added 2026/03/24 10:30 p.m.3 views

Deserialization of Untrusted Data

Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the checkpoint loading process. An attacker can execute arbitrary code, escalate...

8.5CVSS6.1AI score0.00208EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/24 10:30 p.m.5 views

cosmos-predict2 (>=1.0.6 <=1.0.9), entity-model (>=1.0.0 <=1.0.9) +19 more potentially affected by CVE-2026-24152 via megatron-core (>=0.10.0 <=0.15.2)

megatron-core PYPI version =0.10.0, =1.0.6, =1.0.0, =5.1.6, =1.0.0, =0.1.0rc0, =0.1.0rc1, =0.1.0, =1.0.0, =2.0.8, =1.0.0, =2.0.8, =1.0.0, =1.0.0, =1.0.7 and more Source cves: CVE-2026-24152 Source advisory: SNYK:PYTHON-MEGATRONCORE-15871035...

7.8CVSS5.4AI score0.00208EPSS
Exploits0
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.8 views

NVIDIA Megatron Bridge 代码注入漏洞

NVIDIA Megatron Bridge is a component developed by NVIDIA Corporation in the United States that connects Hugging Face and Megatron-Core. NVIDIA Megatron Bridge has a code injection vulnerability. This vulnerability arises from malicious inputs in the data merging process, which may lead to code...

7.8CVSS5.8AI score0.00197EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/03 8:46 p.m.5 views

Arbitrary Code Injection

Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Arbitrary Code Injection via the script process. An attacker can execute arbitrary code, escalate privileges, disclose...

8.5CVSS6.2AI score0.00256EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/02/03 8:46 p.m.6 views

cosmos-predict2 (>=1.0.6 <=1.0.9), frankenstein-model (>=5.1.6 <=5.3.9) +11 more potentially affected by CVE-2026-24149 via megatron-core (>=0.10.0 <=0.13.1)

megatron-core PYPI version =0.10.0, =1.0.6, =5.1.6, =0.4.0, =1.0.0, =2.0.8, =2.0.8, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.5, =5.0.4 Source cves: CVE-2026-24149 Source advisory: SNYK:PYTHON-MEGATRONCORE-15248398...

7.8CVSS7AI score0.00256EPSS
Exploits0
Snyk
Snyk
added 2025/11/11 4:44 p.m.4 views

Arbitrary Code Injection

Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Arbitrary Code Injection. An attacker can execute arbitrary code, escalate privileges, disclose information, or tamper with dat...

8.5CVSS7.5AI score0.00382EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/11/11 4:44 p.m.9 views

cosmos-predict2 (>=1.0.6 <=1.0.9), frankenstein-model (>=5.1.6 <=5.3.9) +11 more potentially affected by CVE-2025-23357 via megatron-core (>=0.10.0 <=0.13.1)

megatron-core PYPI version =0.10.0, =1.0.6, =5.1.6, =0.4.0, =1.0.0, =2.0.8, =2.0.8, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.5, =5.0.4 Source cves: CVE-2025-23357 Source advisory: SNYK:PYTHON-MEGATRONCORE-13901364...

7.8CVSS7AI score0.00382EPSS
Exploits0
Snyk
Snyk
added 2025/09/24 1:43 p.m.5 views

Arbitrary Code Injection

Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Arbitrary Code Injection in the tasks/orqa/unsupervised/nq.py component. An attacker can execute arbitrary code, escalate...

9.2CVSS7.9AI score0.0022EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/09/24 1:43 p.m.3 views

cosmos-predict2 (>=1.0.6 <=1.0.9), frankenstein-model (>=5.1.6 <=5.3.9) +8 more potentially affected by CVE-2025-23349 via megatron-core (=0.10.0)

megatron-core PYPI version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on megatron-core and may be impacted: - cosmos-predict2 =1.0.6, =5.1.6, =1.0.0, =2.0.8, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.9 Source cves: CVE-2025-23349...

7.8CVSS7AI score0.0022EPSS
Exploits0
Snyk
Snyk
added 2025/09/24 1:43 p.m.4 views

Arbitrary Code Injection

Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Arbitrary Code Injection in the pretraingpt script. An attacker can execute arbitrary code, escalate privileges, access sensiti...

9.2CVSS7.9AI score0.0022EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/09/24 1:43 p.m.2 views

cosmos-predict2 (>=1.0.6 <=1.0.9), frankenstein-model (>=5.1.6 <=5.3.9) +8 more potentially affected by CVE-2025-23348 via megatron-core (=0.10.0)

megatron-core PYPI version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on megatron-core and may be impacted: - cosmos-predict2 =1.0.6, =5.1.6, =1.0.0, =2.0.8, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.9 Source cves: CVE-2025-23348...

7.8CVSS7AI score0.0022EPSS
Exploits0
Snyk
Snyk
added 2025/09/24 1:43 p.m.2 views

Arbitrary Code Injection

Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Arbitrary Code Injection via the msdp\preprocessing script. An attacker can execute arbitrary code and escalate privileges...

8.5CVSS8.3AI score0.0022EPSS
Exploits0References2
Rows per page
Query Builder