Base Container for building VSS engine from source
Build a Video Search and Summarization Agent. Ingest massive volumes of live or archived videos and extract insights for summarization and interactive Q&A.
For VSS deployment instructions, please check: NVIDIA Blueprint VSS Helm Chart
Deployment Note
The Video Search and Summarization Blueprint is shared as a reference and is provided "as is". Security in the production environment is the responsibility of the end users deploying it. When deploying in a production environment, please have security experts review any potential risks and threats; define the trust boundaries; implement logging and monitoring capabilities; secure the communication channels; integrate AuthN and AuthZ with appropriate access controls; keep the deployment up to date; and ensure the containers and source code are secure and free of known vulnerabilities. The end users are also responsible for ensuring the integrity and authenticity of the models and containers.
Known CVEs
VSS Engine 2.4.1 Container has the following known CVEs:
| CVE | Description |
|---|---|
| GHSA-58pv-8j8x-9vj2 | This impacts the jaraco.context < 6.1.0 Python package. This does not affect VSS since it does not install user-provided Python packages. |
| CVE-2025-69223 | This impacts the aiohttp < 3.13.3 Python package. This does not affect VSS since it is included as a private package inside ray, and ray is not used by VSS. |
| GHSA-f83h-ghpp-7wcc | This impacts the pdfminer.six < 20251230 Python package. This does not affect VSS since it does not implement PDF parsing. |
| CVE-2025-68973 | This impacts gnupg < 2.4.8. This does not affect VSS since it does not implement GPG encryption. |
| GHSA-mcmc-2m55-j8jj, GHSA-mrw7-hf4f-83pf, CVE-2025-62372 | This impacts the vLLM < 0.11.1 Python package. This does not affect VSS since it does not support user-provided embeddings. |
| CVE-2026-21441 | This affects the urllib3 < 2.6.3 Python package. This does not affect VSS since it does not access user-provided URLs at runtime. |
| CVE-2025-3887 | This impacts the GStreamer H.265 codec parser. Malicious malformed streams can cause a stack overflow in the H.265 codec parser, causing the application to crash. Users must take care that malicious H.265 streams are not added to VSS. This can be remedied by building and installing the GStreamer 1.24.2 codec parser library after applying the patch mentioned in https://gstreamer.freedesktop.org/security/sa-2025-0001.html. |
| GHSA-rcfx-77hg-w2wv | This impacts the fastmcp < 2.14.0 Python package. This does not affect VSS since it already uses an updated version of the MCP SDK. |
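
To confirm which copies of the Python packages in the table above are actually present in an image, including copies bundled privately inside another package (as the table describes for aiohttp inside ray) that `pip list` does not report, the following added example walks a directory tree for `*.dist-info/METADATA` files and flags versions below the fixed versions listed. It is not part of the VSS container or NVIDIA's tooling; comparing only the numeric release segment of a version and scanning only `.dist-info` directories are assumptions of this sketch.

```python
"""Flag package copies (site-packages or vendored) older than the table's fixed versions."""
import os
import re
import sys

# Fixed versions copied from the VSS Engine 2.4.1 table; keys are PEP 503-normalized names.
FLOORS = {
    "jaraco-context": "6.1.0",
    "aiohttp": "3.13.3",
    "pdfminer-six": "20251230",
    "vllm": "0.11.1",
    "urllib3": "2.6.3",
    "fastmcp": "2.14.0",
}

def normalize(name):
    """PEP 503 normalization, so 'jaraco.context' and 'jaraco_context' match."""
    return re.sub(r"[-_.]+", "-", name).lower()

def release(version):
    """Numeric release segment as a tuple; suffixes such as 'rc1' are ignored (assumption)."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    return tuple(int(p) for p in m.group(0).split(".")) if m else ()

def read_metadata(path):
    """Return (name, version) from the header block of a METADATA file."""
    fields = {}
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            if not line.strip():
                break  # headers end at the first blank line; the rest is description
            key, _, value = line.partition(":")
            fields.setdefault(key, value.strip())
    return fields.get("Name"), fields.get("Version")

def scan(root):
    """Return sorted (name, version, directory) for each tracked copy below its floor."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        if dirpath.endswith(".dist-info") and "METADATA" in filenames:
            name, version = read_metadata(os.path.join(dirpath, "METADATA"))
            floor = FLOORS.get(normalize(name or ""))
            if floor and version and release(version) < release(floor):
                findings.append((normalize(name), version, dirpath))
    return sorted(findings)

if __name__ == "__main__":
    for name, version, where in scan(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(f"{name} {version} < {FLOORS[name]}  at {where}")
```

Run it against the unpacked image filesystem or inside the container. A hit shows only that an older copy is on disk; whether it is reachable still depends on the reasoning given in the table.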
VSS Engine 2.4.0 Container (previous version) has the following known CVEs:
| CVE | Description |
|---|---|
| CVE-2024-8966 | This impacts the gradio <= 5.22.0 Python package. It affects the file upload functionality of the Gradio UI, where an attacker can cause a Denial-of-Service (DoS) attack by appending a large number of characters to the end of a multipart boundary. This does not affect VSS since the underlying root cause is already fixed by having a newer version, 0.0.18, of python-multipart, which does not have this vulnerability. |
| CVE-2025-4565 | This impacts the protobuf < 4.25.8 Python package. It affects parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags, leading to unbounded recursion and potential Denial-of-Service when the protobuf pure-Python backend is used. This does not affect VSS since the Python backend of protobuf is not used. |
| CVE-2025-3887 | This impacts the GStreamer H.265 codec parser. Malicious malformed streams can cause a stack overflow in the H.265 codec parser, causing the application to crash. Users must take care that malicious H.265 streams are not added to VSS. This can be remedied by building and installing the GStreamer 1.24.2 codec parser library after applying the patch mentioned in https://gstreamer.freedesktop.org/security/sa-2025-0001.html. |
Third-party Open Source Code
Link to third-party open source code in VSS container
GOVERNING TERMS
This blueprint is governed by the NVIDIA Software License Agreement and Product-Specific Terms for NVIDIA AI Products and enables use of separate open source and proprietary software and models governed by their respective licenses: NVIDIA Cosmos-Reason2-8B, NVIDIA Cosmos Reason 1-7B, ReIdentificationNet, Grounding Dino, Facebook Research SAM2, Llama 3.1 70B Instruct NIM, NVIDIA Retrieval QA Llama 3.2 1B Reranking v2 NIM, and NVIDIA Retrieval QA Llama 3.2 1B Embedding v2 NIM. Use of the sample data is governed by the NVIDIA Sample Data License. ADDITIONAL INFORMATION: Apache 2.0 for SAM2. Llama 3.1 Community License Agreement and Llama 3.2 Community License Agreement. Built with Llama.