Python · Machine Learning · Apache-2.0 · Latest: v1.4.39

BentoML

Build, ship, and scale AI applications — unified model serving framework for any framework

Project Health at a Glance

Live data from GitHub and PyPI, updated daily.

GitHub Stars: 8.6K
Latest Release: v1.4.39 (8 days ago)
Avg. Release Cadence: 18d
Open Issues: 145
Last Commit: 8 days ago
Active CVEs: 10

Data last fetched: 2026-05-15

Known Vulnerabilities

10 active CVEs reported via OSV.dev

BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization

Published: 2025-04-04 Fixed in: 1.4.3

BentoML Open Redirect vulnerability

Published: 2025-03-20 No fix available

BentoML has a Path Traversal via Bentofile Configuration

Published: 2026-01-26 Fixed in: 1.4.34

BentoML Dockerfile command injection via docker.base_image (sister of pending GHSA-w2pm-x38x-jp44 / CVE-2026-33744 / CVE-2026-35043)

Published: 2026-05-11 Fixed in: 1.4.39

BentoML's runner server Vulnerable to Remote Code Execution (RCE) via Insecure Deserialization

Published: 2025-04-09 Fixed in: 1.4.8

BentoML deserialization vulnerability

Published: 2025-03-20 No fix available

BentoML: Command Injection in cloud deployment setup script

Published: 2026-04-03 Fixed in: 1.4.38

BentoML vulnerable to Uncontrolled Resource Consumption

Published: 2025-03-20 No fix available

Insecure deserialization in BentoML

Published: 2024-04-16 Fixed in: 1.2.5

BentoML Denial of Service (DoS) via Multipart Boundary

Published: 2025-03-20 No fix available

Support Options for BentoML

Enterprise Support via DepKeep

Get SLA-backed support, security patches, and direct access to senior engineers for BentoML — without relying on volunteer maintainers.