195 matches found
PYSEC-2023-300
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...
CVE-2023-6730
The CVE-2023-6730 issue affects the Hugging Face transformers library and is caused by deserialization of untrusted data in the package prior to version 4.36. Specifically, untrusted input could be deserialized during normal operation of transformers, leading to potential impact as described in t...
CVE-2023-6730 Deserialization of Untrusted Data in huggingface/transformers
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...
PT-2023-32753
Name of the Vulnerable Software and Affected Versions: huggingface/transformers versions prior to 4.36.0. Description: The issue is related to the deserialization of untrusted data in the huggingface/transformers GitHub repository. Recommendations: For versions prior to 4.36.0, update to version 4.36...
transformers has Insecure Temporary File
Insecure Temporary File in GitHub repository huggingface/transformers 4.29.2 and prior. A fix is available at commit 80ca92470938bbcc348e2d9cf4734c7c25cb1c43 and has been released as part of version 4.30.0...
GHSA-282V-666C-3FVG transformers has Insecure Temporary File
Insecure Temporary File in GitHub repository huggingface/transformers 4.29.2 and prior. A fix is available at commit 80ca92470938bbcc348e2d9cf4734c7c25cb1c43 and has been released as part of version 4.30.0...
CVE-2023-2800
Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0...
PYSEC-2023-299
Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0...
CVE-2023-2800 Insecure Temporary File in huggingface/transformers
Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0...
CVE-2023-2800
CVE-2023-2800 affects Hugging Face Transformers (prior to 4.30.0). Insecure temporary file creation via tempfile.mktemp() could enable local denial of service. The IBM/IBM Cloud Pak bulletin and GitHub advisories confirm the workaround: upgrade Transformers to 4.30.0 or newer.