pkg:PyPI/bentoml

All known vulnerabilities

• CRITICAL9.9CVE-2025-54381BentoML SSRF Vulnerability in File Upload Processing
  >= 1.4.0, < 1.4.19
• CRITICAL9.8CVE-2025-32375BentoML's runner server Vulnerable to Remote Code Execution (RCE) via Insecure Deserialization
  >= 1.0.0, < 1.4.8
• CRITICAL9.8CVE-2025-32375BentoML's runner server Vulnerable to Remote Code Execution (RCE) via Insecure Deserialization
  >= 1.0.0a1, < 1.4.8
• CRITICAL9.8BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization
  >= 1.3.4, < 1.4.3
• CRITICAL9.8BentoML deserialization vulnerability
  from 0, <= 1.4.5
• CRITICAL9.8Insecure deserialization in BentoML
  from 0, < 1.2.5
• HIGH8.8Dockerfile command injection via envs[*].name in bentofile.yaml (sibling fix-bypass of CVE-2026-33744 and CVE-2026-35043)
  from 0, < 1.4.39
• HIGH8.8Dockerfile command injection via envs[*].name in bentofile.yaml (sibling fix-bypass of CVE-2026-33744 and CVE-2026-35043)
  from 0, < 1.4.39
• HIGH8.8BentoML Dockerfile command injection via docker.base_image (sister of pending GHSA-w2pm-x38x-jp44 / CVE-2026-33744 / CVE-2026-35043)
  from 0, < 1.4.39
• HIGH8.8BentoML Dockerfile command injection via docker.base_image (sister of pending GHSA-w2pm-x38x-jp44 / CVE-2026-33744 / CVE-2026-35043)
  from 0, < 1.4.39
• HIGH8.8BentoML: SSTI via Unsandboxed Jinja2 in Dockerfile Generation
  from 0, < 1.4.38
• HIGH8.8BentoML: SSTI via Unsandboxed Jinja2 in Dockerfile Generation
  from 0, < 1.4.38
• HIGH7.8BentoML: Command Injection in cloud deployment setup script
  from 0, < 1.4.38
• HIGH7.8BentoML: Command Injection in cloud deployment setup script
  from 0, < 1.4.38
• HIGH7.8BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml
  from 0, < 1.4.37
• HIGH7.8BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml
  from 0, < 1.4.37
• HIGH7.5BentoML Denial of Service (DoS) via Multipart Boundary
  from 0, <= 1.4.5
• HIGH7.4BentoML has a Path Traversal via Bentofile Configuration
  from 0, < 1.4.34
• MEDIUM5.5BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context
  from 0, < 1.4.39
• —BentoML Vulnerable to Arbitrary File Write via Symlink Path Traversal in Tar Extraction
  from 0, < 1.4.36