NVIDIA Nemo
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in NVIDIA Nemo.
Recent NVIDIA Nemo Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 5736 | Security Bulletin: NVIDIA NeMo Framework - December 2025 | December 16, 2025 |
| 5729 | Security Bulletin: NVIDIA NeMo Framework - November 2025 | November 25, 2025 |
| 5726 | Security Bulletin: NVIDIA NeMo Agent Toolkit - November 2025 | November 25, 2025 |
| 5718 | Security Bulletin: NVIDIA NeMo Framework - November 2025 | November 11, 2025 |
| 5690 | Security Bulletin: NVIDIA NeMo Curator - August 2025 | August 26, 2025 |
| 5689 | Security Bulletin: NVIDIA NeMo Framework - August 2025 | August 26, 2025 |
| 5686 | Security Bulletin: NVIDIA NeMo Framework - August 2025 | August 12, 2025 |
| 5641 | Security Bulletin: NVIDIA® NeMo - April 2025 | April 22, 2025 |
| 5623 | Security Bulletin: NVIDIA NeMo - March 2025 | March 11, 2025 |
By the Year
In 2026 there have been 10 vulnerabilities in NVIDIA Nemo with an average score of 7.8 out of ten. Last year, in 2025 Nemo had 10 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Nemo in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.20.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 10 | 7.82 |
| 2025 | 10 | 7.62 |
| 2024 | 1 | 7.80 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 4.40 |
It may take a day or so for new Nemo vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent NVIDIA Nemo Security Vulnerabilities
NVIDIA NeMo Framework RCE via Malicious File Load
CVE-2025-33253
7.8 - High
- February 18, 2026
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
Marshaling, Unmarshaling
Remote Code Execution in NVIDIA NeMo FW
CVE-2025-33252
7.8 - High
- February 18, 2026
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
Marshaling, Unmarshaling
NVIDIA NeMo Framework RCE Remote Code Execution
CVE-2025-33251
7.8 - High
- February 18, 2026
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
Code Injection
RCE in NVIDIA NeMo Framework
CVE-2025-33250
7.8 - High
- February 18, 2026
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
Code Injection
NVIDIA NeMo Framework Voice-Preproc Script Code Injection
CVE-2025-33249
7.8 - High
- February 18, 2026
NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Command Injection
NVIDIA NeMo Framework ASR Evaluator Command Injection Vulnerability
CVE-2025-33246
7.8 - High
- February 18, 2026
NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, or information disclosure.
Command Injection
NVIDIA NeMo RCE via Malicious Data
CVE-2025-33245
8 - High
- February 18, 2026
NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Marshaling, Unmarshaling
NVIDIA NeMo Framework RCE via Distributed Env Exploit
CVE-2025-33243
7.8 - High
- February 18, 2026
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Marshaling, Unmarshaling
Remote Code Execution in NVIDIA NeMo via Malicious File (CVE-2025-33241)
CVE-2025-33241
7.8 - High
- February 18, 2026
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Marshaling, Unmarshaling
NVIDIA NeMo Code Injection Vulnerability (CVE-2025-33236)
CVE-2025-33236
7.8 - High
- February 18, 2026
NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Code Injection
NVIDIA NeMo Framework Code Injection via Malicious Data
CVE-2025-33226
7.8 - High
- December 16, 2025
NVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Marshaling, Unmarshaling
NVIDIA NeMo Framework: Code Exec from Malicious Model Loading
CVE-2025-33212
7.3 - High
- December 16, 2025
NVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a user loads a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering.
Marshaling, Unmarshaling
NVIDIA NeMo Agent Toolkit UI: SSRF in Chat API
CVE-2025-33203
7.6 - High
- November 25, 2025
NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. A successful exploit of this vulnerability may lead to information disclosure and denial of service.
SSRF
NVIDIA NeMo: Predefined Variable Inclusion Allows Code Exec
CVE-2025-33205
7.3 - High
- November 25, 2025
NVIDIA NeMo framework contains a vulnerability in a predefined variable, where an attacker could cause inclusion of functionality from an untrusted control sphere by use of a predefined variable. A successful exploit of this vulnerability may lead to code execution.
Inclusion of Functionality from Untrusted Control Sphere
NVIDIA NeMo Framework Code Injection via Malicious NLP/LLM Data
CVE-2025-33204
7.8 - High
- November 25, 2025
NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Code Injection
NVIDIA NeMo BERT Services Code Injection (CVE-2025-33178)
CVE-2025-33178
7.8 - High
- November 11, 2025
NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to Code execution, Escalation of privileges, Information disclosure, and Data tampering.
Code Injection
NVIDIA NeMo Framework Improper Code Gen via Script Input (CVE-2025-23361)
CVE-2025-23361
7.8 - High
- November 11, 2025
NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Code Injection
CVE-2025-23251: RCE via Improper Generated Code Control in NVIDIA NeMo
CVE-2025-23251
7.6 - High
- April 22, 2025
NVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of generation of code by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.
Code Injection
NVIDIA NeMo: Improper Pathname Limitation Allows Arbitrary File Write
CVE-2025-23250
7.6 - High
- April 22, 2025
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname to a restricted directory by an arbitrary file write. A successful exploit of this vulnerability might lead to code execution and data tampering.
Directory traversal
NVIDIA NeMo Framework Deserialization RCE Enables Code Execution
CVE-2025-23249
7.6 - High
- April 22, 2025
NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.
Marshaling, Unmarshaling
NVIDIA NeMo Path Traversal via Unsafe .tar Extraction in SaveRestoreConnector
CVE-2024-0129
7.8 - High
- October 15, 2024
NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering.
Directory traversal
NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which
CVE-2022-22821
4.4 - Medium
- January 10, 2022
NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available.
Directory traversal
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for NVIDIA Nemo or by NVIDIA? Click the Watch button to subscribe.
