AI Threat Alert

BentoML Vulnerabilities

pip MLOps

58

Risk Score

15

Total CVEs

4

Critical

pip

Ecosystem

May 11, 2026

Last CVE

55%

Patch Rate

11d

Avg Time to Patch

8,648 stars 963 forks 150 issues 22 dependents Last push May 7, 2026

OpenSSF Scorecard 6.5/10

Known Vulnerabilities (15 total, page 1 of 1)

Severity CVE ID Summary CVSS Published

HIGH CVE-2026-44345 BentoML: unsanitized base_image allows Dockerfile RCE 8.8 May 11, 2026 HIGH CVE-2026-44346 BentoML: Dockerfile injection enables build-time RCE 8.8 May 11, 2026 MEDIUM CVE-2026-40610 BentoML: symlink traversal exfiltrates host secrets at build 5.5 May 7, 2026 HIGH CVE-2026-35043 BentoML: cmd injection RCE on cloud build infra 7.8 Apr 3, 2026 HIGH CVE-2026-35044 BentoML: malicious bento archive RCE via Jinja2 SSTI 8.8 Apr 3, 2026 HIGH CVE-2026-33744 BentoML: command injection in bentofile.yaml containerize 7.8 Mar 27, 2026 MEDIUM GHSA-564p-rx2q-4c8v BentoML: open redirect exposes ML teams to phishing 6.1 Mar 20, 2025 HIGH GHSA-hh3j-9m59-p8vc BentoML: DoS via multipart boundary in Gradio login 7.5 Mar 20, 2025 HIGH CVE-2026-27905 bentoml: security flaw enables exploitation 7.8 Mar 3, 2026 MEDIUM CVE-2026-24123 bentoml: Path Traversal enables file access 6.5 Jan 26, 2026 CRITICAL CVE-2025-54381 BentoML: unauthenticated SSRF via file upload URLs 9.9 Jul 29, 2025 CRITICAL CVE-2025-32375 BentoML: RCE via insecure deserialization in runner 9.8 Apr 9, 2025 CRITICAL CVE-2025-27520 BentoML: unauthenticated RCE via insecure deserialization 9.8 Apr 4, 2025 CRITICAL CVE-2024-9070 BentoML: unauthenticated RCE via runner deserialization 9.8 Mar 20, 2025 HIGH CVE-2024-9056 BentoML: DoS via multipart boundary exhausts server 7.5 Mar 20, 2025

Monitor BentoML in your stack

Get instant alerts when new vulnerabilities affect BentoML. CISO analysis, ATLAS technique mappings, and compliance reports included.

Start Monitoring