Lucene search
+L

5 matches found

Huntr
Huntr
added 2025/07/03 12:4 p.m.8 views

Dependacy chain attack through hijacking broken github repository at https://github.com/huggingface/transformers/blob/main/src/\ntransformers/models/fuyu/\nconvert_fuyu_model_weights_to_hf.py

Description Type: Dependency Chain Attack through hijacking broken github repository Risk: High Allows arbitrary code execution in model conversion workflows Affected Asset: https://github.com/adept-ai-labs/adept-inference Broken URL in Hugging Face Transformers Root Cause The Hugging Face...

6.5AI score
Exploits0
GithubExploit
GithubExploit
added 2025/07/01 3:36 p.m.214 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

About This Project This project was developed as part of the...

9.3CVSS9.5AI score0.47467EPSS
Exploits70
The Hacker News
The Hacker News
added 2023/01/02 2:27 p.m.23 views

PyTorch Machine Learning Framework Compromised with Malicious Dependency

The maintainers of the PyTorch package have warned users who have installed the nightly builds of the library between December 25, 2022, and December 30, 2022, to uninstall and download the latest versions following a dependency confusion attack. "PyTorch-nightly Linux packages installed via pip...

7AI score
Exploits0
Snyk
Snyk
added 2022/09/20 8:12 a.m.1 views

Malicious Package

Overview sparebank1 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2022/06/23 9:26 a.m.5 views

Malicious Package

Overview shared-ini-file-loader is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

9.8CVSS7AI score
Exploits0References3
Rows per page
Query Builder