Lucene search
K

509 matches found

Snyk
Snyk
added 2025/12/23 9:50 p.m.2 views

Deserialization of Untrusted Data

Overview transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the parsing of weights. An attacker can execute arbitrary code by tricking a user into visiting a malicious page o...

8.8CVSS7.9AI score0.00262EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/12/23 9:50 p.m.5 views

01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +11444 more potentially affected by CVE-2025-14930 via transformers (>=2.10.0 <=5.9.0)

transformers PYPI version =2.10.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.1.0.dev1, =0.1.0, =0.10.11, =0.5.5, =0.0.4.80, =4.0.2 - aait-store-cut-part-001 =0.0.1 and more Source cves: CVE-2025-14930 Source advisory: SNYK:PYTHON-TRANSFORMERS-14563374...

7.8CVSS7AI score0.00262EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/12/23 9:50 p.m.6 views

01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +11444 more potentially affected by CVE-2025-14926 via transformers (>=2.10.0 <=5.9.0)

transformers PYPI version =2.10.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.1.0.dev1, =0.1.0, =0.10.11, =0.5.5, =0.0.4.80, =4.0.2 - aait-store-cut-part-001 =0.0.1 and more Source cves: CVE-2025-14926 Source advisory: SNYK:PYTHON-TRANSFORMERS-14560695...

7.8CVSS7AI score0.00278EPSS
Exploits0
Snyk
Snyk
added 2025/12/23 9:50 p.m.3 views

Arbitrary Code Injection

Overview transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Arbitrary Code Injection via the convertconfig function. An attacker can execute arbitrary code by supplying a crafted checkpoint file that is processed...

7.8CVSS7.9AI score0.00278EPSS
Exploits0References2
PyPA
PyPA
added 2025/12/23 9:15 p.m.50 views

PYSEC-2025-217

Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this...

7.8CVSS7.6AI score0.00315EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/12/23 9:15 p.m.5 views

CVE-2025-14928

Hugging Face Transformers HuBERT convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...

7.8CVSS0.00278EPSS
Exploits0References1
NVD
NVD
added 2025/12/23 9:15 p.m.7 views

CVE-2025-14930

Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...

7.8CVSS0.00262EPSS
Exploits0References1
NVD
NVD
added 2025/12/23 9:15 p.m.5 views

CVE-2025-14929

Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this...

7.8CVSS0.00315EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/12/23 9:15 p.m.6 views

01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +3846 more potentially affected by CVE-2025-14929 via transformers (>=2.10.0 <=4.9.2)

transformers PYPI version =2.10.0, =0.10.11, =0.5.5, =0.0.4.80, =0.2.1, =0.1.0, =0.1.1, =1.3.8, =1.5.3 - acace-coherence-checker =0.1.0 - acace-compression-engine =0.1.0 - acace-semantic-analyzer =0.1.0 - acace-sentiment-analyzer =0.1.0 and more Source cves: CVE-2025-14929 Source advisory:...

7.8CVSS7AI score0.00315EPSS
Exploits0
OSV
OSV
added 2025/12/23 9:15 p.m.7 views

PYSEC-2025-216

Hugging Face Transformers HuBERT convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...

7.8CVSS7.6AI score0.00278EPSS
Exploits0References1
OSV
OSV
added 2025/12/23 9:15 p.m.4 views

PYSEC-2025-218

Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...

7.8CVSS7.6AI score0.00262EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/12/23 9:15 p.m.5 views

3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +2063 more potentially affected by CVE-2025-14930 via transformers (>=2.10.0 <=4.57.1)

transformers PYPI version =2.10.0, =0.0.4.80, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.2.11 and more Source cves: CVE-2025-14930 Source advisory: OSV:PYSEC-2025-218...

7.8CVSS7AI score0.00262EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/12/23 9:15 p.m.6 views

3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +2034 more potentially affected by CVE-2025-14928 via transformers (>=2.10.0 <=4.57.0)

transformers PYPI version =2.10.0, =0.0.4.80, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.2.11 and more Source cves: CVE-2025-14928 Source advisory: OSV:PYSEC-2025-216...

7.8CVSS7AI score0.00278EPSS
Exploits0
OSV
OSV
added 2025/12/23 9:15 p.m.7 views

PYSEC-2025-217

Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this...

7.8CVSS7.6AI score0.00315EPSS
Exploits0References1
PyPA
PyPA
added 2025/12/23 9:15 p.m.9 views

PYSEC-2025-216

Hugging Face Transformers HuBERT convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...

7.8CVSS7.6AI score0.00278EPSS
Exploits0References1Affected Software1
PyPA
PyPA
added 2025/12/23 9:15 p.m.16 views

PYSEC-2025-218

Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...

7.8CVSS7.6AI score0.00262EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/12/23 9:15 p.m.8 views

CVE-2025-14926

Hugging Face Transformers SEW convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the targe...

7.8CVSS0.00278EPSS
Exploits0References1
NVD
NVD
added 2025/12/23 9:15 p.m.4 views

CVE-2025-14921

Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this...

7.8CVSS0.00262EPSS
Exploits0References1
NVD
NVD
added 2025/12/23 9:15 p.m.7 views

CVE-2025-14920

Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability ...

7.8CVSS0.00262EPSS
Exploits0References1
NVD
NVD
added 2025/12/23 9:15 p.m.4 views

CVE-2025-14924

Hugging Face Transformers megatrongpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in...

7.8CVSS0.00262EPSS
Exploits0References1
Rows per page
Query Builder