559 matches found
CVE-2026-15044
A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...
PT-2026-56458
Name of the Vulnerable Software and Affected Versions TrustyAI Service Operator affected versions not specified Description A flaw in the TrustyAI Service Operator occurs when deploying services such as gorch or NemoGuardrails. If a specific security setting is not enabled, these services expose...
PYSEC-2026-685 Path Traversal in nemo-toolkit
NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: backup-restore-operator, telegraf, k3s, coder, seaweedfs-rocksdb, cloud-provider-aws, kubescape-server, gitlab-kas, kubescape-server-fips, loki, prometheus-mongodb-exporter, osv-scanner, kubernetes-dashboard, knative-eventing-fips, opentofu,...
GHSA-WQP7-X3PW-XC5R vulnerabilities
Vulnerabilities for packages: nemo, tritonserver-backend-vllm-cuda-12.9...
GHSA-X746-7M8F-X49C vulnerabilities
Vulnerabilities for packages: nemo, tritonserver-backend-vllm-cuda-12.9...
CVE-2026-48817 vulnerabilities
Vulnerabilities for packages: nemo, tritonserver-backend-vllm-cuda-12.9...
CVE-2026-48818 vulnerabilities
Vulnerabilities for packages: nemo, tritonserver-backend-vllm-cuda-12.9...
CVE-2026-24228
NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure...
CVE-2026-24155
NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2026-24228
NVIDIA NeMo Framework for Linux contains a vulnerability where deserialization of untrusted data may lead to code execution, privilege escalation, data tampering, and information disclosure. The connected NVIDIA security bulletin confirms affected product: NVIDIA NeMo Framework for Linux, with af...
EUVD-2026-37130
NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure...
EUVD-2026-37129
NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2026-24155
NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2026-24155
CVE-2026-24155 affects NVIDIA NeMo Framework for all platforms, described as a code injection vulnerability (CWE-94) that can lead to code execution, privilege escalation, information disclosure, and data tampering. The NVIDIA security bulletin states that CVE-2026-24155 is addressed by updating ...
PT-2026-49725
Name of the Vulnerable Software and Affected Versions NVIDIA NeMo Framework affected versions not specified Description NVIDIA NeMo Framework contains a code injection flaw. A successful exploit could lead to arbitrary code execution, escalation of privileges, information disclosure, and data...
Security Bulletin: NVIDIA NeMo - June 2026
NVIDIA has released a software update for NVIDIA® NeMo Framework. To protect your system, clone or update this software to version 2.7.3 or later from the NVIDIA-NeMo/NeMo GitHub repo. Go to NVIDIA Product Security. Details The following table summarizes the potential vulnerabilities that this...
PT-2026-49726
Name of the Vulnerable Software and Affected Versions NVIDIA NeMo Framework for Linux affected versions not specified Description An issue exists where an attacker may cause deserialization of untrusted data. Deserialization is the process of converting a data stream back into an object. A...
CVE-2025-3000 vulnerabilities
Vulnerabilities for packages: py3-torch-cuda-12.4, py3-torch-cuda-13.3, nemo, py3-torch-cuda-13.0, py3-torch-cuda-13.2, py3-torch-cuda-12.8, py3-torch-cuda-12.9, open-webui, py3-torch-cuda-13.1, py3-torch-cuda-12.6...
GHSA-RRMF-RVHW-RF47 vulnerabilities
Vulnerabilities for packages: py3-torch-cuda-12.4, py3-torch-cuda-13.3, nemo, py3-torch-cuda-13.0, py3-torch-cuda-13.2, py3-torch-cuda-12.8, py3-torch-cuda-12.9, open-webui, py3-torch-cuda-13.1, py3-torch-cuda-12.6...