Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

38 matches found

Github Security Blog
Github Security Blogadded 2026/05/20 3:31 p.m.6 views

Diffusers: TOCTOU Trust Remote Code Bypass

Background This vulnerability is found in the diffusers package - the transformers-equivalent library for diffusion models. It is found in the DiffusionPipeline.frompretrained flow, which is used to load a pipeline from the HuggingFace Hub. This function has a trustremotecode guard: if the...

6.4AI score
Exploits0References2Affected Software1
OSV
OSVadded 2026/05/20 3:31 p.m.3 views

GHSA-7WX4-6VFF-V64P Diffusers: TOCTOU Trust Remote Code Bypass

Background This vulnerability is found in the diffusers package - the transformers-equivalent library for diffusion models. It is found in the DiffusionPipeline.frompretrained flow, which is used to load a pipeline from the HuggingFace Hub. This function has a trustremotecode guard: if the...

7.5CVSS6.4AI score
Exploits0References2
Snyk
Snykadded 2026/05/20 3:31 p.m.9 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview diffusers is a State-of-the-art diffusion in PyTorch and JAX. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the frompretrained flow. An attacker can execute arbitrary code by exploiting a race condition between two repository fetch...

7.5CVSS6.2AI score
Exploits0References2
Circl
Circladded 2026/05/20 10:40 a.m.2 views

CVE-2026-45804

creationtimestamp| type| source ---|---|--- 2026-05-20 10:40:56+00:00| published-proof-of-concept| https://github.com/huggingface/diffusers/security/advisories/GHSA-7wx4-6vff-v64p...

5.8AI score
Exploits0References1
OSV
OSVadded 2026/05/14 5:16 p.m.5 views

PYSEC-2026-41

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...

8.8CVSS6.5AI score0.0012EPSS
Exploits1References1
PyPA
PyPAadded 2026/05/14 5:16 p.m.9 views

PYSEC-2026-41

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...

8.8CVSS6.5AI score0.0012EPSS
Exploits1References1Affected Software1
NVD
NVDadded 2026/05/14 5:16 p.m.8 views

CVE-2026-44827

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...

8.8CVSS0.0012EPSS
Exploits1References1
vulnersOsv
vulnersOsvadded 2026/05/14 5:16 p.m.6 views

aana (>=0.2.1 <=0.2.2), ace-step (=0.1.0) +227 more potentially affected by CVE-2026-44827 via diffusers (>=0.10.2 <=0.37.1)

diffusers PYPI version =0.10.2, =0.2.1, =1.8.20, =1.9.0, =0.0.0, =0.2.2, =0.0.2, =0.0.0, =0.1.0, =0.6.37, =0.0.4, =0.1.0, =0.1.0, =0.5.0 and more Source cves: CVE-2026-44827 Source advisory: OSV:PYSEC-2026-41...

8.8CVSS5.8AI score0.0012EPSS
Exploits1
vulnersOsv
vulnersOsvadded 2026/05/14 5:16 p.m.4 views

aana (>=0.2.1 <=0.2.2), ace-step (=0.1.0) +227 more potentially affected by CVE-2026-44513 via diffusers (>=0.10.2 <=0.37.1)

diffusers PYPI version =0.10.2, =0.2.1, =1.8.20, =1.9.0, =0.0.0, =0.2.2, =0.0.2, =0.0.0, =0.1.0, =0.6.37, =0.0.4, =0.1.0, =0.1.0, =0.5.0 and more Source cves: CVE-2026-44513 Source advisory: OSV:PYSEC-2026-40...

8.8CVSS5.8AI score0.00041EPSS
Exploits1
NVD
NVDadded 2026/05/14 5:16 p.m.7 views

CVE-2026-44513

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...

8.8CVSS0.00041EPSS
Exploits1References1
PyPA
PyPAadded 2026/05/14 5:16 p.m.8 views

PYSEC-2026-40

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...

8.8CVSS6.5AI score0.00041EPSS
Exploits1References1Affected Software1
OSV
OSVadded 2026/05/14 5:16 p.m.6 views

PYSEC-2026-40

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...

8.8CVSS6.5AI score0.00041EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/05/14 4:33 p.m.3 views

CVE-2026-44827

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...

8.8CVSS6.5AI score0.0012EPSS
Exploits1References2Affected Software1
CVE
CVEadded 2026/05/14 4:33 p.m.9 views

CVE-2026-44827

Diffusers prior to 0.38.0 is vulnerable to silent remote code execution when loading pipelines from Hugging Face Hub without trust_remote_code. If custom_pipeline is not supplied, _resolve_custom_pipeline_and_cls formats None as None.py; a repository containing a None.py with a subclass of Diffus...

8.8CVSS6.5AI score0.0012EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2026/05/14 4:33 p.m.31 views

CVE-2026-44827 Diffusers: None.py Trust Remote Code Bypass

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...

8.8CVSS0.0012EPSS
Exploits1References1
EUVD
EUVDadded 2026/05/14 4:33 p.m.4 views

EUVD-2026-30332

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...

8.8CVSS6.5AI score0.0012EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/05/14 4:33 p.m.6 views

CVE-2026-44827 Diffusers: None.py Trust Remote Code Bypass

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...

8.8CVSS6.5AI score0.0012EPSS
Exploits1References1
EUVD
EUVDadded 2026/05/14 4:26 p.m.7 views

EUVD-2026-30334

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...

8.8CVSS6.5AI score0.00041EPSS
Exploits1References1
CVE
CVEadded 2026/05/14 4:26 p.m.7 views

CVE-2026-44513

Diffusers 0.38.0 fixes a trust_remote_code bypass in DiffusionPipeline.from_pretrained that allowed arbitrary remote code execution when using custom_pipeline or local snapshots. Root cause: the security gate was checked inside DiffusionPipeline.download(), but some code paths bypassed download()...

8.8CVSS6.5AI score0.00041EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/14 4:26 p.m.3 views

CVE-2026-44513 Diffusers: `trust_remote_code` bypass via `custom_pipeline` and local custom components

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...

8.8CVSS6.5AI score0.00041EPSS
Exploits1References1
Rows per page
Query Builder