CVE-2026-1839

A flaw was found in HuggingFace Transformers. A remote attacker can exploit this vulnerability by supplying a specially crafted checkpoint file e.g., rngstate.pth. The loadrngstate method in the Trainer class loads this file using torch.load without proper validation, specifically missing the...

AZL-35148 CVE-2024-27319 affecting package pytorch for versions less than 2.2.2-1

Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNXASSERT and ONNXASSERTM functions have an off by one string copy...