83 matches found
CVE-2025-2099 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A vulnerability in the preprocessstring function of the transformers.testingutils module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service ReDoS attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leadin...
CVE-2025-2099 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A vulnerability in the preprocessstring function of the transformers.testingutils module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service ReDoS attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leadin...
CVE-2025-2099
CVE-2025-2099 describes a ReDoS in huggingface/transformers v4.48.3 due to a nested-quantifier regex in preprocess_string() within transformers.testing_utils. The issue causes exponential backtracking on input with many newlines, leading to high CPU usage and potential DoS. Connected documents co...
CVE-2025-1194
A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers library, specifically in the file tokenizationgptneoxjapanese.py of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions...
GHSA-FPWR-67PX-3QHX Transformers Regular Expression Denial of Service (ReDoS) vulnerability
A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers library, specifically in the file tokenizationgptneoxjapanese.py of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions...
CVE-2025-1194
A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers library, specifically in the file tokenizationgptneoxjapanese.py of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions...
CVE-2025-1194
A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers library, specifically in the file tokenizationgptneoxjapanese.py of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions...
CVE-2025-1194 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers library, specifically in the file tokenizationgptneoxjapanese.py of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions...
CVE-2025-1194 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers library, specifically in the file tokenizationgptneoxjapanese.py of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions...
CVE-2025-1194
CVE-2025-1194 – ReDoS in HuggingFace Transformers (GPT-NeoX-Japanese SubWordJapaneseTokenizer) The CVE describes a Regular Expression Denial of Service in the HuggingFace transformers package, specifically in tokenization_gpt_neox_japanese.py (GPT-NeoX-Japanese model). The vulnerability arises fr...
CVE-2024-12720
A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers library, specifically in the file tokenizationnougatfast.py. The vulnerability occurs in the postprocesssingle function, where a regular expression processes specially crafted input. The issu...
GHSA-6RVG-6V2M-4J46 Transformers Regular Expression Denial of Service (ReDoS) vulnerability
A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers library, specifically in the file tokenizationnougatfast.py. The vulnerability occurs in the postprocesssingle function, where a regular expression processes specially crafted input. The issu...
Transformers Regular Expression Denial of Service (ReDoS) vulnerability
A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers library, specifically in the file tokenizationnougatfast.py. The vulnerability occurs in the postprocesssingle function, where a regular expression processes specially crafted input. The issu...
CVE-2024-12720
A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers library, specifically in the file tokenizationnougatfast.py. The vulnerability occurs in the postprocesssingle function, where a regular expression processes specially crafted input. The issu...
CVE-2024-12720
A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers library, specifically in the file tokenizationnougatfast.py. The vulnerability occurs in the postprocesssingle function, where a regular expression processes specially crafted input. The issu...
CVE-2024-12720 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers library, specifically in the file tokenizationnougatfast.py. The vulnerability occurs in the postprocesssingle function, where a regular expression processes specially crafted input. The issu...
CVE-2024-12720 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers library, specifically in the file tokenizationnougatfast.py. The vulnerability occurs in the postprocesssingle function, where a regular expression processes specially crafted input. The issu...
CVE-2024-12720
CVE-2024-12720 affects Hugging Face Transformers, in particular the file tokenization_nougat_fast.py within the post_process_single() function. The issue is a RegEx that can exhibit exponential backtracking, leading to high CPU usage and potential DoS under crafted input. Affected version cited: ...
PT-2025-12141 · Hugging Face · Huggingface/Transformers
Name of the Vulnerable Software and Affected Versions: huggingface/transformers version v4.46.3 Description: A Regular Expression Denial of Service ReDoS issue was identified in the huggingface/transformers library, specifically in the file tokenization nougat fast.py. The issue occurs in the pos...
Transformers Deserialization of Untrusted Data vulnerability
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadrepocheckpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...