2 matches found
3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1759 more potentially affected by CVE-2025-6638 via transformers (>=4.0.0 <=4.52.4)
transformers PYPI version =4.0.0, =0.0.4.80, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.0.1, =0.1.2 and more Source cves: CVE-2025-6638 Source advisory: SNYK:PYTHON-TRANSFORMERS-12668722...
CVE-2025-6638
CVE-2025-6638 affects Hugging Face Transformers, specifically MarianTokenizer.remove_language_code(). The vulnerability arises from inefficient regex processing that can be triggered by crafted input patterns, causing high CPU usage and potential DoS. Affected version: 4.52.4; fixed in 4.53.0. IB...