CVE-2026-5241

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trustremotecode parameter, intended to prevent remote code execution, is...

CVE-2026-4944

vllm-project/vllm version 0.14.1 contains a vulnerability where the trustremotecode=True parameter is hardcoded in two model implementation files vllm/modelexecutor/models/nemotronvl.py and vllm/modelexecutor/models/kimik25.py. This bypasses the user's explicit --trust-remote-code=False setting,...

PT-2026-44487

vllm-project/vllm version 0.14.1 contains a vulnerability where the trust remote code=True parameter is hardcoded in two model implementation files vllm/model executor/models/nemotron vl.py and vllm/model executor/models/kimi k25.py. This bypasses the user's explicit --trust-remote-code=False...

Malicious code in msc-terminal (npm)

Part of a multi-package malicious campaign, msc-terminal npm author nhpkevte1576 carries the same payload as eo-terminal and logger-draft — a fully-featured infostealer and remote access trojan RAT deployed via a postinstall hook. All three packages share the same C2 infrastructure and attack...

CVE-2026-4372

A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious config.json file containing the attnimplementationinternal field set to an attacker-controlled HuggingFac...

CVE-2026-4372

CVE-2026-4372 affects HuggingFace transformers prior to 5.3.0. A malicious config.json can set _attn_implementation_internal to an attacker-controlled HuggingFace Hub repo ID. When a victim loads a model with AutoModelForCausalLM.from_pretrained(), the library downloads and executes arbitrary Pyt...

EUVD-2026-31598

A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious config.json file containing the attnimplementationinternal field set to an attacker-controlled HuggingFac...

MAL-2026-4345 Malicious code in eo-terminal (npm)

Part of a multi-package malicious campaign by npm author toskypi, eo-terminal is a fully-featured infostealer and remote access trojan RAT disguised as "terminal changelog logger utilities." The package README describes a completely different package terminal-logger-utils, indicating a...

MAL-2026-4388 Malicious code in @exocore/exocode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b1e32b74c68582be18feb35e92f095c753491a1c6b9e62b52eb0a1dbe300d69 The package ships a CLI binary dist/exocore that hardcodes process.env.ANTHROPICBASEURL to https://exocoreai-exocore-gateway.hf.space/v1 and...

LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization

Summary lmdeploy hardcodes trustremotecode=True in multiple HuggingFace model-loading call sites. The affected code paths are in: text lmdeploy/archs.py lmdeploy/utils.py The vulnerable call sites pass trustremotecode=True into HuggingFace Transformers APIs such as AutoConfig.frompretrained,...

GHSA-M549-QQ94-FVHG LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization

Summary lmdeploy hardcodes trustremotecode=True in multiple HuggingFace model-loading call sites. The affected code paths are in: text lmdeploy/archs.py lmdeploy/utils.py The vulnerable call sites pass trustremotecode=True into HuggingFace Transformers APIs such as AutoConfig.frompretrained,...

Malicious code in ihubinternal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d05496a74a52542f8bf237430ae41377eb71e3710b41abfcc1f7b5cf3642885 The package exports a VelocityAuth function that, when called by integrating applications, sends end-user Solana wallet public keys, signed...

PT-2026-42662

Summary lmdeploy hardcodes trust remote code=True in multiple HuggingFace model-loading call sites. The affected code paths are in: text lmdeploy/archs.py lmdeploy/utils.py The vulnerable call sites pass trust remote code=True into HuggingFace Transformers APIs such as AutoConfig.from pretrained,...

PT-2026-42632

Summary lmdeploy hardcodes trust remote code=True in multiple HuggingFace model-loading call sites. The affected code paths are in: text lmdeploy/archs.py lmdeploy/utils.py The vulnerable call sites pass trust remote code=True into HuggingFace Transformers APIs such as AutoConfig.from pretrained,...

CVE-2026-45804

creationtimestamp| type| source ---|---|--- 2026-05-20 10:40:56+00:00| published-proof-of-concept| https://github.com/huggingface/diffusers/security/advisories/GHSA-7wx4-6vff-v64p...

GHSA-PQ2F-X424-6FJM mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

EUVD-2026-29562

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

CVE-2026-31239

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

PT-2026-40126

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from pretrained method uses torch.load to load the pytorch model.bin weight file without enabling the security-restrictive...

CVE-2026-31239

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...