NVIDIA Nemo
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in NVIDIA Nemo.
Recent NVIDIA Nemo Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 5736 | Security Bulletin: NVIDIA NeMo Framework - December 2025 | December 16, 2025 |
| 5729 | Security Bulletin: NVIDIA NeMo Framework - November 2025 | November 25, 2025 |
| 5726 | Security Bulletin: NVIDIA NeMo Agent Toolkit - November 2025 | November 25, 2025 |
| 5718 | Security Bulletin: NVIDIA NeMo Framework - November 2025 | November 11, 2025 |
| 5690 | Security Bulletin: NVIDIA NeMo Curator - August 2025 | August 26, 2025 |
| 5689 | Security Bulletin: NVIDIA NeMo Framework - August 2025 | August 26, 2025 |
| 5686 | Security Bulletin: NVIDIA NeMo Framework - August 2025 | August 12, 2025 |
| 5641 | Security Bulletin: NVIDIA® NeMo - April 2025 | April 22, 2025 |
| 5623 | Security Bulletin: NVIDIA NeMo - March 2025 | March 11, 2025 |
By the Year
In 2026 there have been 0 vulnerabilities in NVIDIA Nemo. Last year, in 2025 Nemo had 7 security vulnerabilities published. Right now, Nemo is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 7 | 7.63 |
| 2024 | 1 | 7.80 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 4.40 |
It may take a day or so for new Nemo vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent NVIDIA Nemo Security Vulnerabilities
NVIDIA NeMo Framework Code Injection via Malicious Data
CVE-2025-33226
7.8 - High
- December 16, 2025
NVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Marshaling, Unmarshaling
NVIDIA NeMo Framework: Code Exec from Malicious Model Loading
CVE-2025-33212
7.3 - High
- December 16, 2025
NVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a user loads a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering.
Marshaling, Unmarshaling
NVIDIA NeMo Agent Toolkit UI: SSRF in Chat API
CVE-2025-33203
7.6 - High
- November 25, 2025
NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. A successful exploit of this vulnerability may lead to information disclosure and denial of service.
SSRF
NVIDIA NeMo: Predefined Variable Inclusion Allows Code Exec
CVE-2025-33205
7.3 - High
- November 25, 2025
NVIDIA NeMo framework contains a vulnerability in a predefined variable, where an attacker could cause inclusion of functionality from an untrusted control sphere by use of a predefined variable. A successful exploit of this vulnerability may lead to code execution.
Inclusion of Functionality from Untrusted Control Sphere
NVIDIA NeMo Framework Code Injection via Malicious NLP/LLM Data
CVE-2025-33204
7.8 - High
- November 25, 2025
NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Code Injection
NVIDIA NeMo BERT Services Code Injection (CVE-2025-33178)
CVE-2025-33178
7.8 - High
- November 11, 2025
NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to Code execution, Escalation of privileges, Information disclosure, and Data tampering.
Code Injection
NVIDIA NeMo Framework Improper Code Gen via Script Input (CVE-2025-23361)
CVE-2025-23361
7.8 - High
- November 11, 2025
NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Code Injection
NVIDIA NeMo Path Traversal via Unsafe .tar Extraction in SaveRestoreConnector
CVE-2024-0129
7.8 - High
- October 15, 2024
NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering.
Directory traversal
NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which
CVE-2022-22821
4.4 - Medium
- January 10, 2022
NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available.
Directory traversal
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for NVIDIA Nemo or by NVIDIA? Click the Watch button to subscribe.
