EUVD-2025-21126

Malicious code in bioql PyPI...

Regular Expression Denial Of Service (ReDoS)

Transformers is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to the use of a vulnerable regex pattern in the DonutProcessor.token2json method, which allows an attacker to craft malicious input causing excessive CPU consumption through catastrophic backtrackin...

Transformers is vulnerable to ReDoS attack through its DonutProcessor class

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's token2json method. This vulnerability affects versions 4.51.3 and earlier, and is fixed in version 4.52.1. The issue arises from the...

CVE-2025-3933

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's token2json method. This vulnerability affects versions 4.50.3 and earlier, and is fixed in version 4.52.1. The issue arises from the...

CVE-2025-3933

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's token2json method. This vulnerability affects versions 4.50.3 and earlier, and is fixed in version 4.52.1. The issue arises from the...

CVE-2025-3933 Regular Expression Denial of Service (ReDoS) in huggingface/transformers

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's token2json method. This vulnerability affects versions 4.50.3 and earlier, and is fixed in version 4.52.1. The issue arises from the...

CVE-2025-3933 Regular Expression Denial of Service (ReDoS) in huggingface/transformers

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's token2json method. This vulnerability affects versions 4.50.3 and earlier, and is fixed in version 4.52.1. The issue arises from the...

Hugging Face Transformers 安全漏洞

Hugging Face Transformers is Hugging Face's open source advanced natural language processing for Jax, PyTorch and TensorFlow. A security vulnerability exists in Hugging Face Transformers version 4.50.3 and earlier, which stems from a regular expression denial of service in the token2json method o...

PT-2025-29223 · Hugging Face · Huggingface/Transformers

Name of the Vulnerable Software and Affected Versions: Hugging Face Transformers versions 4.50.3 and earlier Hugging Face Transformers version 4.52.1 Description: A Regular Expression Denial of Service ReDoS vulnerability exists in the Hugging Face Transformers library, specifically within the...

Regular expression Denial of Service - ReDoS in huggingface/transformers

Description A regular expression denial of service ReDoS vulnerability has been identified in the Hugging Face Transformers library's Donut processor. The vulnerability exists in the token2json method of the DonutProcessor class, which processes document tokens into JSON format. The regex pattern...