CVE-2025-6051

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically within the normalizenumbers method of the EnglishNormalizer class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises fro...

PT-2025-37422

Name of the Vulnerable Software and Affected Versions: Hugging Face Transformers versions up to 4.52.4 Description: A Regular Expression Denial of Service ReDoS vulnerability exists in the normalize numbers method of the EnglishNormalizer class. This issue arises from the method's handling of...

PT-2025-37307

Name of the Vulnerable Software and Affected Versions: Hugging Face Transformers versions prior to 4.53.0 Description: A Regular Expression Denial of Service ReDoS vulnerability exists in the Hugging Face Transformers library, specifically affecting the remove language code method within the...

CVE-2025-5197 Regular Expression Denial of Service (ReDoS) in huggingface/transformers

A Regular Expression Denial of Service ReDoS vulnerability exists in the Hugging Face Transformers library, specifically in the converttfweightnametoptweightname function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern /^/^// that can be...