1357 matches found
CVE-2026-5843 Docker Model Runner container-to-host code execution via MLX-LM model_file importlib loading
The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model directories via the modelfile configuration field in config.json. When a model's config.json specifies a modelfile pointing to a Python...
EUVD-2026-31493
The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trustremotecode=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.frompretrained to import and execute arbitrary Python files included in any model pulled fr...
CVE-2026-5817 Docker Model Runner container-to-host code execution via unsandboxed trust_remote_code in Python inference backends
The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trustremotecode=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.frompretrained to import and execute arbitrary Python files included in any model pulled fr...
CVE-2026-5817
The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trustremotecode=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.frompretrained to import and execute arbitrary Python files included in any model pulled fr...
CVE-2026-5817 Docker Model Runner container-to-host code execution via unsandboxed trust_remote_code in Python inference backends
The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trustremotecode=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.frompretrained to import and execute arbitrary Python files included in any model pulled fr...
CVE-2026-5817
CVE-2026-5817 affects the vllm-metal backend used by Docker Model Runner on macOS. The backend loads model tokenizers with trust_remote_code=True, causing transformers.AutoTokenizer.from_pretrained() to import and execute arbitrary Python files from models pulled from an OCI registry. This can en...
Exploit for CVE-2026-5817
CVE-2026-5817: Docker Model Runner container-to-host RCE / Esc...
Malicious Package
Overview compliance-check-runner is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
Malicious code in compliance-check-runner (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09baf2402c56bbf2219f28a1113df9b623522a17b3a199cf9a6d58f8cbb0b68a On npm install, the package's postinstall hook runs npx env-security-scanner@latest auditenvironment via childprocess.execSync, fetching and executin...
Docker Model Runner 安全漏洞
Docker Model Runner is an open-source Docker model runner developed by Docker. Docker Model Runner vllm-metal contains a security vulnerability. This vulnerability arises from setting trustremotecode=True without any sandbox protection. It may allow arbitrary Python files to be executed during...
PT-2026-42831
Name of the Vulnerable Software and Affected Versions Docker Model Runner on macOS affected versions not specified Description The MLX inference backend uses the MLX-LM library, which imports and executes arbitrary Python files from model directories via the model file configuration field in the...
PT-2026-42830
Name of the Vulnerable Software and Affected Versions Docker Model Runner on macOS affected versions not specified Description The vllm-metal inference backend unconditionally sets trust remote code=True when loading model tokenizers and operates without sandboxing. This allows the...
Docker Model Runner 安全漏洞
Docker Model Runner is an open-source Docker model runner developed by Docker. There is a security vulnerability in Docker Model Runner MLX. This vulnerability stems from the unconditional import and execution of any Python file in the model directory. It may allow malicious models to be pulled...
CVE-2026-45570 vulnerabilities
Vulnerabilities for packages: argo-workflows, grype, amazon-ssm-agent-fips, external-secrets-operator-fips, grafana-alloy, pulumi-language-yaml, gitaly-fips, argo-events-fips, guac, coder-fips, redpanda-console, terragrunt-fips, gitea-fips, gitlab-runner-fips, nuclei, k9s, mapotf, cg, kyverno,...
GHSA-CRHJ-59GH-8X96 vulnerabilities
Vulnerabilities for packages: argo-workflows, grype, amazon-ssm-agent-fips, external-secrets-operator-fips, grafana-alloy, pulumi-language-yaml, gitaly-fips, argo-events-fips, guac, coder-fips, redpanda-console, terragrunt-fips, gitea-fips, gitlab-runner-fips, nuclei, k9s, mapotf, cg, kyverno,...
GHSA-M7CR-M3PV-HGRP vulnerabilities
Vulnerabilities for packages: argo-workflows, grype, amazon-ssm-agent-fips, external-secrets-operator-fips, grafana-alloy, pulumi-language-yaml, gitaly-fips, argo-events-fips, guac, coder-fips, redpanda-console, terragrunt-fips, gitea-fips, gitlab-runner-fips, nuclei, k9s, mapotf, cg, kyverno,...
CVE-2026-45571 vulnerabilities
Vulnerabilities for packages: argo-workflows, grype, amazon-ssm-agent-fips, external-secrets-operator-fips, grafana-alloy, pulumi-language-yaml, gitaly-fips, argo-events-fips, guac, coder-fips, redpanda-console, terragrunt-fips, gitea-fips, gitlab-runner-fips, nuclei, k9s, mapotf, cg, kyverno,...
Malicious code in venturo-playwright-runner (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e63f5fe21c0fe70b9b120a217b3d1b14e765c47de231eb03d0d763c471fbd4e The package republishes Microsoft's @playwright/test under the unrelated name venturo-playwright-runner and falsifies its identity to claim Microsoft...
Malicious code in venturo-playwright (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 602d8b957dc823f0dd6ac61f115e23fce1b433683873a9f4f8351dcbe9a37035 Package presents itself as Microsoft's Playwright: package.json description 'A high-level API to automate web browsers' is Playwright's exact tagline...
MAL-2026-4700 Malicious code in venturo-playwright (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 602d8b957dc823f0dd6ac61f115e23fce1b433683873a9f4f8351dcbe9a37035 Package presents itself as Microsoft's Playwright: package.json description 'A high-level API to automate web browsers' is Playwright's exact tagline...