563 matches found
Security Bulletin: NVIDIA NeMo Framework - March 2026
NVIDIA has released a software update for NVIDIA® NeMo Framework. To protect your system, clone or update this software to version 2.6.2 or later from NVIDIA/NeMo Framework on NVIDIA GitHub or pypi. Go to NVIDIA Product Security. Details The following table summarizes the potential vulnerabilitie...
PT-2026-27514
Name of the Vulnerable Software and Affected Versions NVIDIA NeMo Framework affected versions not specified Description The NVIDIA NeMo Framework has a flaw that could allow an attacker to trigger remote code execution. Successful exploitation of this issue may result in code execution, privilege...
PT-2026-27512
Name of the Vulnerable Software and Affected Versions NVIDIA NeMo Framework affected versions not specified Description The NVIDIA NeMo Framework has a flaw in how it loads checkpoints, potentially allowing a remote attacker to execute code. Exploitation of this issue could result in code...
CVE-2025-33246
NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. A successful exploit of this vulnerability might lead to code execution, escalation of privileges,...
CVE-2025-33253
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...
CVE-2025-33251
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...
CVE-2025-33241
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-33249
NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, a...
CVE-2025-33236
NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-33245
NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-33252
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...
CVE-2025-33243
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-33250
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...
fast-whisper-diarizer (>=0.1.2 <=0.1.32), faster-whisper-hotkey (>=0.2.7 <=0.4.3) +14 more potentially affected by CVE-2025-33253 via nemo-toolkit (>=1.23.0 <=2.5.3)
nemo-toolkit PYPI version =1.23.0, =0.1.2, =0.2.7, =1.0.0, =0.0.1, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.0.3, =0.0.4 - wavlmmsdd =1.0.0 and more Source cves: CVE-2025-33253 Source advisory: OSV:GHSA-HVJW-VP7G-39H5...
fast-whisper-diarizer (>=0.1.2 <=0.1.32), faster-whisper-hotkey (>=0.2.7 <=0.4.3) +9 more potentially affected by CVE-2025-33253 via nemo-toolkit (>=2.0.0rc0 <=2.5.3)
nemo-toolkit PYPI version =2.0.0rc0, =0.1.2, =0.2.7, =1.0.0, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =1.0.7 Source cves: CVE-2025-33253 Source advisory: SNYK:PYTHON-NEMOTOOLKIT-15325663...
Deserialization of Untrusted Data
Overview nemo-toolkit is a NeMo - a toolkit for Conversational AI Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialization process in the receivegenerateinfo function of audiotextgenerationutils.py. An attacker can execute arbitrary code, cause...
NVIDIA NeMo Framework Deserializes Untrusted Data
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...
GHSA-HVJW-VP7G-39H5 NVIDIA NeMo Framework Deserializes Untrusted Data
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...
fast-whisper-diarizer (>=0.1.2 <=0.1.32), faster-whisper-hotkey (>=0.2.7 <=0.4.3) +14 more potentially affected by CVE-2025-33245 via nemo-toolkit (>=1.23.0 <=2.5.3)
nemo-toolkit PYPI version =1.23.0, =0.1.2, =0.2.7, =1.0.0, =0.0.1, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.0.3, =0.0.4 - wavlmmsdd =1.0.0 and more Source cves: CVE-2025-33245 Source advisory: OSV:GHSA-9379-MWVR-7WXX...
fast-whisper-diarizer (>=0.1.2 <=0.1.32), faster-whisper-hotkey (>=0.2.7 <=0.4.3) +9 more potentially affected by CVE-2025-33245 via nemo-toolkit (>=2.0.0rc0 <=2.5.3)
nemo-toolkit PYPI version =2.0.0rc0, =0.1.2, =0.2.7, =1.0.0, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =1.0.7 Source cves: CVE-2025-33245 Source advisory: SNYK:PYTHON-NEMOTOOLKIT-15325666...