📦 Bentoml

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in BentoML's file upload system. Unauthenticated attackers can force the server to make arbitrary HTTP requests to internal networ...

CVE-2025-32375 is an insecure deserialization vulnerability in BentoML's runner server that allows remote code execution. Attackers can execute arbitrary code by sending specially crafted POST request...

CVE-2025-27520 is a critical remote code execution vulnerability in BentoML caused by insecure deserialization in serde.py. It allows unauthenticated attackers to execute arbitrary code on servers run...