CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

OSV•added 2026/05/12 6:30 p.m.•1 views

GHSA-PQ2F-X424-6FJM mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS6.1AI score0.00054EPSS

Exploits0References3

EUVD•added 2026/05/12 6:30 p.m.•2 views

EUVD-2026-29562

6.1AI score0.00054EPSS

Exploits0References3

Github Security Blog•added 2026/05/12 6:30 p.m.•3 views

mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub

9.8CVSS6.1AI score0.00054EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2026/05/12 12:0 a.m.•3 views

PT-2026-40126

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from pretrained method uses torch.load to load the pytorch model.bin weight file without enabling the security-restrictive...

6.1AI score0.00054EPSS

Exploits0References3

Cvelist•added 2026/05/12 12:0 a.m.•25 views

CVE-2026-31239

0.00054EPSS

Exploits0References2

CVE•added 2026/05/12 12:0 a.m.•5 views

CVE-2026-31239

The CVE-2026-31239 entry concerns the Mamba language model framework up to version 2.2.6. The issue is insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from_pretrained() method uses torch.load() to load the pytorch_model.bin weight file...

9.8CVSS6.1AI score0.00054EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by