PyPI package
nemo-toolkit
pkg:pypi/nemo-toolkit
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-24159 | — | < 2.6.2 | 2.6.2 | Mar 24, 2026 | NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering. | ||
| CVE-2026-24157 | — | < 2.6.2 | 2.6.2 | Mar 24, 2026 | NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering. | ||
| CVE-2025-33253 | — | < 2.6.1 | 2.6.1 | Feb 18, 2026 | NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data | ||
| CVE-2025-33245 | — | < 2.6.1 | 2.6.1 | Feb 18, 2026 | NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||
| CVE-2022-22821 | Low | 2.0 | < 1.6.0 | 1.6.0 | Jan 10, 2022 | NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available. |
- CVE-2026-24159Mar 24, 2026affected < 2.6.2fixed 2.6.2
NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering.
- CVE-2026-24157Mar 24, 2026affected < 2.6.2fixed 2.6.2
NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering.
- CVE-2025-33253Feb 18, 2026affected < 2.6.1fixed 2.6.1
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data
- CVE-2025-33245Feb 18, 2026affected < 2.6.1fixed 2.6.1
NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
- affected < 1.6.0fixed 1.6.0
NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available.