143
CVEs
6
Critical
82
High
0
KEV
0
PoC
81
Unpatched C/H
8.4%
Patch Rate
0.1%
Avg EPSS
Severity Breakdown
CRITICAL
6
HIGH
82
MEDIUM
38
LOW
17
Monthly CVE Trend
Affected Products (27)
Windows
38
Triton Inference Server
24
Cuda Toolkit
21
Deserialization
16
Dgx Os
14
Nemo
13
Python
13
Memory Corruption
11
Integer Overflow
6
Megatron Lm
6
Linux Kernel
6
Stack Overflow
6
Null Pointer Dereference
4
Nvidia Container Toolkit
4
Command Injection
4
Nvidia Gpu Operator
4
Nvdebug
3
Heap Overflow
3
Use After Free
3
Race Condition
3
Nvjpeg
2
Nemo Curator
1
Apex
1
Pytorch
1
AI / ML
1
Nosql Injection
1
OpenSSL
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-33187 | NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 9.3 | 0.0% | 46 |
No patch
|
| CVE-2025-33244 | NVIDIA APEX for Linux contains a deserialization of untrusted data vulnerability that affects environments using PyTorch versions earlier than 2.6. An attacker with low privileges on an adjacent network can exploit this flaw to achieve code execution, denial of service, privilege escalation, data tampering, and information disclosure with scope change (CVSS 9.0 Critical). No KEV listing or public POC availability has been reported at this time. | CRITICAL | 9.0 | 0.0% | 45 |
No patch
|
| CVE-2025-23254 | NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker may cause a data validation issue by local access to the TRTLLM server. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available. | HIGH | 8.8 | 0.6% | 45 |
No patch
|
| CVE-2026-24164 | Insecure deserialization in NVIDIA BioNeMo Framework enables remote code execution when attackers can induce users to process malicious serialized data. This vulnerability (CWE-502) affects the BioNeMo Framework with network-reachable attack surface (AV:N) and low complexity (AC:L), requiring only user interaction (UI:R) but no authentication (PR:N). The CVSS 8.8 rating reflects critical impacts across confidentiality, integrity, and availability. No public exploit identified at time of analysis, though the deserialization vulnerability class is well-understood and commonly exploited. EPSS data not available for this CVE. | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2026-24148 | NVIDIA Jetson system initialization flaw allows authenticated remote attackers to exploit insecure default machine IDs, enabling cross-device information disclosure of encrypted data and tampering. Affects JetPack on Xavier and Orin series devices. CVSS 8.3 (High) with network attack vector and low complexity. EPSS data not available; no confirmed active exploitation (CISA KEV status not present). The vulnerability enables attackers with low-level privileges to compromise multiple devices sharing identical default machine identifiers, undermining cryptographic protections and system integrity across the device fleet. | HIGH | 8.3 | 0.0% | 42 |
No patch
|
| CVE-2025-23342 | The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to a privileged account . Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available. | HIGH | 8.2 | 0.0% | 41 |
No patch
|
| CVE-2025-23303 | NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available. | HIGH | 7.8 | 1.7% | 41 |
No patch
|
| CVE-2025-33188 | NVIDIA DGX Spark GB10 contains a vulnerability in hardware resources where an attacker could tamper with hardware controls. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.0 | 0.0% | 40 |
No patch
|
| CVE-2025-23249 | NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 7.6 | 1.4% | 39 |
No patch
|
| CVE-2025-33247 | NVIDIA Megatron LM contains an insecure deserialization vulnerability (CWE-502) in its quantization configuration loading mechanism that enables remote code execution. Attackers with local access and low privileges can exploit this flaw to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data. The vulnerability has a CVSS score of 7.8 and affects all versions of NVIDIA Megatron LM based on available CPE data. | HIGH | 7.8 | 0.3% | 39 |
No patch
|
| CVE-2025-23304 | NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available. | HIGH | 7.8 | 0.2% | 39 |
No patch
|
| CVE-2026-24157 | NVIDIA NeMo Framework contains a remote code execution vulnerability in its checkpoint loading mechanism caused by insecure deserialization (CWE-502). Attackers with local access and low privileges can exploit this to achieve code execution, privilege escalation, information disclosure, and data tampering with high impact on confidentiality, integrity, and availability. According to SSVC framework, there is currently no observed exploitation in the wild, though the technical impact is rated as total. | HIGH | 7.8 | 0.1% | 39 |
|
| CVE-2026-24159 | NVIDIA NeMo Framework contains an insecure deserialization vulnerability (CWE-502) that allows authenticated local attackers to execute arbitrary code. The vulnerability affects NVIDIA NeMo Framework installations and can lead to code execution, privilege escalation, information disclosure, and data tampering. According to CISA's SSVC framework, there is currently no evidence of active exploitation in the wild, and the attack is not automatable, though technical impact is rated as total. | HIGH | 7.8 | 0.1% | 39 |
|
| CVE-2025-33248 | NVIDIA Megatron-LM contains a critical unsafe deserialization vulnerability (CWE-502) in its hybrid conversion script that allows remote code execution when a user loads a maliciously crafted file. The vulnerability affects NVIDIA Megatron-LM installations and enables attackers to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data. With a CVSS score of 7.8 and local attack vector requiring low privileges and no user interaction, this represents a significant risk for organizations using this large language model training framework. | HIGH | 7.8 | 0.1% | 39 |
No patch
|
| CVE-2026-24150 | NVIDIA Megatron-LM contains an unsafe deserialization vulnerability (CWE-502) in its checkpoint loading functionality that allows remote code execution when a user is tricked into loading a maliciously crafted checkpoint file. The vulnerability affects NVIDIA Megatron-LM installations and can lead to code execution, privilege escalation, information disclosure, and data tampering with a CVSS score of 7.8. There is no current indication of active exploitation in CISA's KEV catalog, and EPSS data was not provided in the intelligence sources. | HIGH | 7.8 | 0.1% | 39 |
No patch
|