Nvidia Security Vulnerabilities (CVEs)

NVIDIA Delegated Licensing Service contains an improper authentication vulnerability (CWE-287) that could allow an attacker to bypass authentication m...

This vulnerability allows low-privileged users on NVIDIA Cumulus Linux and NVOS systems to inject commands through the NVUE interface, potentially lea...

This vulnerability in NVIDIA Cumulus Linux and NVOS allows low-privileged users to execute unauthorized commands through the NVUE interface, potential...

CVE-2025-33252 is a deserialization vulnerability in NVIDIA's NeMo Framework that allows remote attackers to execute arbitrary code. This affects orga...

The NVIDIA NeMo Framework vulnerability allows remote code execution in distributed environments, enabling attackers to execute arbitrary code, escala...

CVE-2025-33246 is a command injection vulnerability in NVIDIA's NeMo Framework ASR Evaluator utility that allows attackers to execute arbitrary comman...

CVE-2025-33250 is a remote code execution vulnerability in NVIDIA's NeMo Framework that allows attackers to execute arbitrary code on affected systems...

The NVIDIA NeMo Framework vulnerability allows attackers to inject malicious code through crafted data inputs. Successful exploitation could lead to r...

NVIDIA Megatron Bridge contains a code injection vulnerability in a data shuffling tutorial component. Successful exploitation could allow attackers t...

NVIDIA Nsight Systems contains an OS command injection vulnerability in the gfx_hotspot recipe. Attackers can execute arbitrary commands by supplying ...

This vulnerability in NVIDIA Nsight Visual Studio for Windows allows attackers to execute arbitrary code with the same privileges as the Nsight Monito...

This vulnerability allows attackers to execute arbitrary operating system commands by injecting malicious strings into the installation path parameter...

CVE-2025-33231 is a DLL hijacking vulnerability in NVIDIA Nsight Systems for Windows that allows attackers to execute arbitrary code by placing malici...

This CVE describes a command injection vulnerability in NVIDIA NSIGHT Graphics for Linux that allows attackers to execute arbitrary commands. Successf...

NVIDIA Triton Server for Linux has an input validation vulnerability where attackers can trigger improper quantity validation, potentially causing den...

NVIDIA Triton Inference Server has a vulnerability where sending excessively large payloads can trigger improper condition checking, potentially causi...

This vulnerability in NVIDIA TAO allows attackers to load malicious resources via uncontrolled search paths, potentially leading to privilege escalati...

The NVIDIA NeMo framework contains a vulnerability where attackers can exploit a predefined variable to include functionality from untrusted sources, ...

This vulnerability in NVIDIA DGX Spark GB10's SROOT firmware allows attackers to exploit improper input processing. Successful exploitation could lead...

This vulnerability in NVIDIA DGX Spark GB10's SROOT firmware allows resource reuse, potentially enabling information disclosure. Attackers could explo...

This vulnerability in NVIDIA DGX Spark GB10's SROOT firmware allows attackers to trigger a NULL pointer dereference, potentially causing a denial of s...

This vulnerability in NVIDIA DGX Spark GB10 hardware allows attackers to tamper with hardware controls, potentially leading to information disclosure,...

This vulnerability in NVIDIA DGX Spark GB10's SROOT firmware allows attackers to perform out-of-bounds writes, potentially leading to code execution, ...

This vulnerability in NVIDIA DGX Spark GB10's OSROOT firmware allows attackers to trigger invalid memory reads, potentially causing denial of service....

NVIDIA DGX Spark GB10 systems contain a vulnerability in SROOT firmware where improper integrity validation could allow attackers to access sensitive ...

The NVIDIA NeMo Framework contains a code injection vulnerability in its BERT services component that allows attackers to execute arbitrary code by se...

NVIDIA Triton Inference Server contains a stack overflow vulnerability where attackers can send extra-large payloads to cause denial of service. This ...

The NVIDIA NeMo Framework contains a vulnerability where malicious input can cause improper control of code generation, potentially leading to remote ...

This vulnerability in NVIDIA Nsight Graphics for Windows allows DLL hijacking attacks where an attacker could place a malicious DLL in a location that...

NVIDIA Megatron-LM's msdp preprocessing script contains a code injection vulnerability (CWE-94) that allows attackers to execute arbitrary code by pro...

CVE-2025-23348 is a code injection vulnerability in NVIDIA's Megatron-LM pretrain_gpt script that allows attackers to execute arbitrary code by provid...

This vulnerability in NVIDIA CUDA Toolkit's nvJPEG component allows a local authenticated user to trigger a GPU out-of-bounds write by providing speci...

The NVIDIA NVDebug tool contains a improper path validation vulnerability (CWE-22) that allows attackers to write files to restricted system component...

CVE-2025-23315 is a code injection vulnerability in NVIDIA NeMo Framework's export and deploy component that allows attackers to execute arbitrary cod...

NVIDIA NeMo Curator contains a code injection vulnerability (CWE-94) where malicious files can execute arbitrary code. This affects all platforms runn...

CVE-2025-23313 is a code injection vulnerability in NVIDIA's NeMo Framework NLP component that allows attackers to execute arbitrary code by providing...

CVE-2025-23333 is an out-of-bounds read vulnerability in NVIDIA Triton Inference Server's Python backend that allows attackers to read memory beyond a...

CVE-2025-23334 is an out-of-bounds read vulnerability in NVIDIA Triton Inference Server's Python backend that could allow information disclosure. Atta...

NVIDIA Triton Inference Server contains an integer underflow vulnerability in its TensorRT backend that could allow attackers to cause denial of servi...

NVIDIA Triton Inference Server contains an integer overflow vulnerability where sending an invalid request can cause a segmentation fault and crash th...

NVIDIA Triton Inference Server contains a vulnerability where specially crafted inputs can trigger uncontrolled recursion, potentially causing denial ...

NVIDIA Triton Inference Server contains an integer overflow vulnerability (CWE-190) where specially crafted inputs could cause denial of service or da...

NVIDIA Triton Inference Server's Python backend has a buffer overflow vulnerability where specially crafted requests can trigger out-of-bounds writes....

NVIDIA Triton Inference Server contains a divide-by-zero vulnerability in request processing that could cause denial of service. Attackers can exploit...

CVE-2025-23265 is a code injection vulnerability in NVIDIA Megatron-LM's Python component that allows attackers to execute arbitrary code by providing...

The NVIDIA NVDebug tool contains a vulnerability that could allow attackers to access restricted components, potentially leading to information disclo...

The NVIDIA NeMo Framework vulnerability allows remote attackers to execute arbitrary code by exploiting insecure deserialization of untrusted data. Th...