bentoml
PyPI8 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting bentomlpage 1 of 1
- CVE-2024-2912CRITICALCVSS 10.0EG 10.0✓ Fixed in 1.2.52024-04-16
vulnerable: 0.0.1 ... 1.2.4 (135 versions)
An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the …
- CVE-2024-9056HIGHCVSS 7.5EG 7.52025-03-20
vulnerable: 0.0.1 ... 1.4.5 (185 versions)
BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) attack. The vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. This causes the server to…
- CVE-2024-9070CRITICALCVSS 9.8EG 9.82025-03-20
vulnerable: 0.0.1 ... 1.4.5 (185 versions)
A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions <=1.3.4.post1. By setting specific parameters, an attacker can execute unauthorized arbitrary code on the server, causing severe harm. The vulner…
- CVE-2025-27520CRITICALCVSS 9.8EG 9.8✓ Fixed in 1.4.32025-04-04
vulnerable: 1.3.10 ... 1.4.2 (24 versions)
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of…
- CVE-2025-32375CRITICALCVSS 9.8EG 9.8✓ Fixed in 1.4.82025-04-09
vulnerable: 1.0.0 ... 1.4.7 (115 versions)
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the …
- CVE-2025-54381CRITICALCVSS 9.9EG 9.9✓ Fixed in 1.4.192025-07-29
vulnerable: 1.4.0 ... 1.4.9 (19 versions)
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote …
- CVE-2026-35043HIGHCVSS 7.8EG 7.8✓ Fixed in 1.4.382026-04-06
vulnerable: 0.0.1 ... 1.4.9 (217 versions)
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/_internal/cloud/deployment.py was not included in the fix for CVE-2026-337…
- CVE-2026-35044HIGHCVSS 8.8EG 8.8✓ Fixed in 1.4.382026-04-06
vulnerable: 0.0.1 ... 1.4.9 (217 versions)
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the Dockerfile generation function generate_containerfile() in src/bentoml/_internal/container/generate.py uses an …
Check whether bentoml is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for bentoml CVEs against the assets you own.
Start Free Scan →