Lucene search
K

223 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 1:22 p.m.11 views

Malicious code in ihubinternal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d05496a74a52542f8bf237430ae41377eb71e3710b41abfcc1f7b5cf3642885 The package exports a VelocityAuth function that, when called by integrating applications, sends end-user Solana wallet public keys, signed...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.22 views

PT-2026-42662

Name of the Vulnerable Software and Affected Versions LMDeploy versions 0.12.3 and earlier Description LMDeploy is a toolkit for compressing, deploying, and serving large language models. The software hardcodes trust remote code=True in multiple HuggingFace model-loading call sites, specifically...

7.8CVSS6.2AI score0.00142EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.21 views

PT-2026-42632

Summary lmdeploy hardcodes trust remote code=True in multiple HuggingFace model-loading call sites. The affected code paths are in: text lmdeploy/archs.py lmdeploy/utils.py The vulnerable call sites pass trust remote code=True into HuggingFace Transformers APIs such as AutoConfig.from pretrained,...

7.8CVSS6.7AI score
Exploits0References4
Circl
Circl
added 2026/05/20 10:40 a.m.11 views

CVE-2026-45804

creationtimestamp| type| source ---|---|--- 2026-05-20 10:40:56+00:00| published-proof-of-concept| https://github.com/huggingface/diffusers/security/advisories/GHSA-7wx4-6vff-v64p...

5.8AI score0.00048EPSS
Exploits0References1
OSV
OSV
added 2026/05/12 6:30 p.m.8 views

GHSA-PQ2F-X424-6FJM mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS6.1AI score0.00409EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/12 6:30 p.m.8 views

EUVD-2026-29562

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

6.1AI score0.00409EPSS
Exploits0References3
NVD
NVD
added 2026/05/12 6:16 p.m.11 views

CVE-2026-31239

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS0.00409EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 12:0 a.m.19 views

CVE-2026-31239

The CVE-2026-31239 entry concerns the Mamba language model framework up to version 2.2.6. The issue is insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from_pretrained() method uses torch.load() to load the pytorch_model.bin weight file...

9.8CVSS6.1AI score0.00409EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.12 views

PT-2026-40126

Name of the Vulnerable Software and Affected Versions mamba versions prior to 2.2.7 Description Insecure deserialization occurs when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from pretrained function uses torch.load to load the pytorch model.bin weight file without...

9.8CVSS6.2AI score0.00409EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/12 12:0 a.m.35 views

CVE-2026-31239

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

0.00409EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/07 2:24 a.m.15 views

Diffusers has a `trust_remote_code` bypass via `custom_pipeline` and local custom components

Background This vulnerability is found in the DiffusionPipeline.frompretrained flow, which is used to load a pipeline from the HuggingFace Hub. This function accepts an optional custompipeline keyword argument: the name of a Python file in the repo that contains a custom class inheriting from...

8.8CVSS5.9AI score0.00562EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/05/07 2:24 a.m.6 views

GHSA-J7W6-VPVQ-J3GM Diffusers has a `trust_remote_code` bypass via `custom_pipeline` and local custom components

Background This vulnerability is found in the DiffusionPipeline.frompretrained flow, which is used to load a pipeline from the HuggingFace Hub. This function accepts an optional custompipeline keyword argument: the name of a Python file in the repo that contains a custom class inheriting from...

8.8CVSS5.9AI score0.00562EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.16 views

PT-2026-39298

Name of the Vulnerable Software and Affected Versions Diffusers versions prior to 0.38.0 Description An issue exists in the DiffusionPipeline.from pretrained flow when loading pipelines from Hugging Face Hub repositories. The resolve custom pipeline and cls function in pipeline loading utils.py...

8.8CVSS6.4AI score0.00562EPSS
Exploits1References7
Packet Storm News
Packet Storm News
added 2026/05/06 12:0 a.m.24 views

GLiNER Guard: Unified Encoder Family for Production LLM Safety and Privacy

Production LLM systems require both safety moderation and PII detection under strict latency and cost constraints. This creates a trade-off: autoregressive moderators are accurate but expensive, while lightweight encoders are faster but less capable. We present GLiNER Guard GLiGuard, a unified...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/03 12:31 a.m.14 views

SGLang has an Improper Input Validation/Injection Issue

A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function gettokenizer of the file python/sglang/srt/utils/hftransformersutils.py of the component HuggingFace Transformer Handler. The manipulation results in deserialization. The attack can be executed remotely. A hi...

6.3CVSS5.6AI score0.00368EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/05/03 12:31 a.m.13 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview sglang is a SGLang is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the gettokenizer function in the...

6.3CVSS5.8AI score0.00368EPSS
Exploits0References3
NVD
NVD
added 2026/05/02 10:16 p.m.30 views

CVE-2026-7669

A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function gettokenizer of the file python/sglang/srt/utils/hftransformersutils.py of the component HuggingFace Transformer Handler. The manipulation of the argument trustremotecode with the input False as part of Boole...

6.3CVSS0.00368EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/02 10:0 p.m.28 views

EUVD-2026-26802

A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function gettokenizer of the file python/sglang/srt/utils/hftransformersutils.py of the component HuggingFace Transformer Handler. The manipulation results in deserialization. The attack can be executed remotely. A hi...

6.3CVSS5.3AI score0.00368EPSS
Exploits0References3
CVE
CVE
added 2026/05/02 10:0 p.m.24 views

CVE-2026-7669

Affected software: sgl-project SGLang (up to 0.5.9). The vulnerability targets the function get_tokenizer in python/sglang/srt/utils/hf_transformers_utils.py within the HuggingFace Transformer Handler. Root cause is deserialization triggered by input manipulation. Impact is remote execution with ...

6.3CVSS6AI score0.00368EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/02 10:0 p.m.5 views

CVE-2026-7669 sgl-project SGLang HuggingFace Transformer hf_transformers_utils.py get_tokenizer code injection

A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function gettokenizer of the file python/sglang/srt/utils/hftransformersutils.py of the component HuggingFace Transformer Handler. The manipulation of the argument trustremotecode with the input False as part of Boole...

6.3CVSS6AI score0.00368EPSS
Exploits0References4
Rows per page
Query Builder