bentoml — Vulnerabilities & Security Advisories (12)

Browse all 12 CVE security advisories affecting bentoml. AI-powered Chinese analysis, POCs, and references for each vulnerability.

BentoML serves as an open-source platform for packaging, deploying, and managing AI models, primarily used by data science teams to operationalize machine learning workflows. Historically, the project has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and insecure default configurations. While no major security incidents have been widely documented, the 12 recorded CVEs highlight potential risks in model serving infrastructure. Security researchers have identified issues in web interfaces and API endpoints that could allow unauthorized access or system compromise, emphasizing the need for proper input sanitization and access controls in production deployments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-35044 | BentoML has a Server-Side Template Injection via unsandboxed Jinja2 Environment in Dockerfile generation | BentoML | CWE-1336 | 8.8 | High | 2026-04-06 |
| CVE-2026-35043 | BentoML: command injection in cloud deployment setup script (deployment.py) | BentoML | CWE-78 | 7.8 | High | 2026-04-06 |
| CVE-2026-33744 | BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml | BentoML | CWE-94 | 7.8 | High | 2026-03-27 |
| CVE-2026-27905 | BentoML has an Arbitrary File Write via Symlink Path Traversal in Tar Extraction | BentoML | CWE-59 | 7.4 (AI) | High (AI) | 2026-03-03 |
| CVE-2026-24123 | BentoML has a Path Traversal via Bentofile Configuration | BentoML | CWE-22 | 7.4 | High | 2026-01-26 |
| CVE-2025-54381 | BentoML is Vulnerable to an SSRF Attack Through File Upload Processing | BentoML | CWE-918 | 9.9 | Critical | 2025-07-29 |
| CVE-2025-32375 | Insecure Deserialization leads to RCE in BentoML's runner server | BentoML | CWE-502 | 9.8 | Critical | 2025-04-09 |
| CVE-2025-27520 | BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization | BentoML | CWE-502 | 9.8 | Critical | 2025-04-04 |
| CVE-2024-8982 | Local File Inclusion in bentoml/openllm | bentoml/openllm | CWE-29 | 9.8 | - | 2025-03-20 |
| CVE-2024-9070 | Deserialization Vulnerability in BentoML's Runner Server in bentoml/bentoml | bentoml/bentoml | CWE-502 | 9.8 | - | 2025-03-20 |
| CVE-2024-9056 | Denial of Service in bentoml/bentoml | bentoml/bentoml | CWE-770 | 7.5 | - | 2025-03-20 |
| CVE-2024-2912 | Insecure Deserialization Leading to RCE in bentoml/bentoml | bentoml/bentoml | CWE-1188 | 10.0 | Critical | 2024-04-16 |

This page lists every published CVE security advisory associated with bentoml. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.