83 matches found
CVE-2025-6921 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service ReDoS in the AdamWeightDecay optimizer. The vulnerability arises from the douseweightdecay method, which processes user-controlled regular expressions in the includeinweightdecay...
CVE-2025-6921 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service ReDoS in the AdamWeightDecay optimizer. The vulnerability arises from the douseweightdecay method, which processes user-controlled regular expressions in the includeinweightdecay...
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses vulnerable huggingface/transformers library.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses vulnerable huggingface/transformers library. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-1194 DESCRIPTION: A Regular Expression Denial of...
PT-2025-39174
Name of the Vulnerable Software and Affected Versions huggingface/transformers versions prior to 4.53.0 Description The software is susceptible to a Regular Expression Denial of Service ReDoS within the AdamWeightDecay optimizer. The issue stems from the do use weight decay method, which handles...
CVE-2025-6051 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically within the normalizenumbers method of the EnglishNormalizer class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises fro...
CVE-2025-6638 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's removelanguagecode method. This vulnerability is present in version 4.52.4 and has been fixed in version 4.53.0. The issue arises from...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to transformers-4.48.0-py3-none-any.whl CVE-2025-2099
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to transformers-4.48.0-py3-none-any.whl CVE-2025-2099. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-2099 DESCRIPTION: A vulnerability in the preprocessstring...
GHSA-489J-G2VX-39WF Transformers vulnerable to ReDoS attack through its SETTING_RE variable
A Regular Expression Denial of Service ReDoS vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the SETTINGRE variable within the transformers/commands/chat.py file. The...
Transformers vulnerable to ReDoS attack through its SETTING_RE variable
A Regular Expression Denial of Service ReDoS vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the SETTINGRE variable within the transformers/commands/chat.py file. The...
CVE-2025-3262
A Regular Expression Denial of Service ReDoS vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the SETTINGRE variable within the transformers/commands/chat.py file. The...
CVE-2025-3262
A Regular Expression Denial of Service ReDoS vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the SETTINGRE variable within the transformers/commands/chat.py file. The...
CVE-2025-3264 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically in the getimports function within dynamicmoduleutils.py. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular...
CVE-2025-3262
CVE-2025-3262 — Hugging Face Transformers ReDoS : In version 4.49.0 of the transformers repository, the regex in SETTING_RE within transformers/commands/chat.py enables exponential backtracking under crafted inputs, causing denial-of-service (DoS) risk. The issue is fixed in version 4.51.0. Remed...
CVE-2025-3262 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A Regular Expression Denial of Service ReDoS vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the SETTINGRE variable within the transformers/commands/chat.py file. The...
CVE-2025-3262 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A Regular Expression Denial of Service ReDoS vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the SETTINGRE variable within the transformers/commands/chat.py file. The...
PT-2025-28150 · Hugging Face · Transformers
Name of the Vulnerable Software and Affected Versions: huggingface/transformers version 4.49.0 Description: A Regular Expression Denial of Service ReDoS vulnerability was discovered in the huggingface/transformers repository. The vulnerability is due to inefficient regular expression complexity i...
CVE-2023-2800
Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0...
CVE-2025-2099
A vulnerability in the preprocessstring function of the transformers.testingutils module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service ReDoS attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leadin...
PYSEC-2025-40
A vulnerability in the preprocessstring function of the transformers.testingutils module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service ReDoS attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leadin...
CVE-2025-2099
A vulnerability in the preprocessstring function of the transformers.testingutils module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service ReDoS attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leadin...