Lucene search
+L

23 matches found

osv
osv
added 2026/04/07 6:30 a.m.23 views

GHSA-69W3-R845-3855 HuggingFace Transformers allows for arbitrary code execution in the `Trainer` class

A vulnerability in the HuggingFace Transformers library, specifically in the Trainer class, allows for arbitrary code execution. The loadrngstate method in src/transformers/trainer.py at line 3059 calls torch.load without the weightsonly=True parameter. This issue affects all versions of the...

6.5CVSS6.2AI score0.00349EPSS
Exploits1References5
cvelist
cvelist
added 2026/04/07 5:22 a.m.29 views

CVE-2026-1839 Arbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading in huggingface/transformers

A vulnerability in the HuggingFace Transformers library, specifically in the Trainer class, allows for arbitrary code execution. The loadrngstate method in src/transformers/trainer.py at line 3059 calls torch.load without the weightsonly=True parameter. This issue affects all versions of the...

6.5CVSS0.00349EPSS
Exploits1References2
cve
cve
added 2026/04/07 5:22 a.m.64 views

CVE-2026-1839

CVE-2026-1839 concerns the HuggingFace Transformers library, affecting the Trainer class. The root cause is an unsafe load in src/transformers/trainer.py: _load_rng_state() calls torch.load() without weights_only=True, which can allow arbitrary code execution when loading a malicious checkpoint (...

7.8CVSS7AI score0.00349EPSS
Exploits1References2Affected Software1
vulnersosv
vulnersosv
added 2026/03/22 5:16 a.m.9 views

3-04-2025-ttm (=0.1.0), 3d-connectx-env (>=1.0.0 <=1.0.1) +2657 more potentially affected by CVE-2026-4538 via torch (>=1.0.0 <=2.10.0)

torch PYPI version =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.7.4, =0.2.4, =0.0.1b1, =1.0.32, =0.0.3, =0.0.4 and more Source cves: CVE-2026-4538 Source advisory: OSV:PYSEC-2026-139...

7.8CVSS6AI score0.00239EPSS
Exploits0
vulnersosv
vulnersosv
added 2025/09/25 4:15 p.m.8 views

01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +25613 more potentially affected by CVE-2025-55560 via torch (>=1.0.0 <=2.7.0)

torch PYPI version =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.0.16 - a1facts =0.2.6 and more Source cves: CVE-2025-55560 Source advisory: OSV:PYSEC-2025-209...

7.5CVSS7AI score0.00381EPSS
Exploits0
vulnersosv
vulnersosv
added 2025/09/25 4:15 p.m.9 views

01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +25839 more potentially affected by CVE-2025-55552 via torch (>=1.0.0 <=2.8.0)

torch PYPI version =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.0.16 - a1facts =0.2.6 and more Source cves: CVE-2025-55552 Source advisory: OSV:PYSEC-2025-204...

7.5CVSS6.3AI score0.0039EPSS
Exploits0
vulnersosv
vulnersosv
added 2025/09/25 3:43 p.m.11 views

01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +24669 more potentially affected by CVE-2025-55552 via torch (>=2.0.0 <=2.8.0)

torch PYPI version =2.0.0, =1.0.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.10.5, =0.1.0.dev1, =1.0.0, =1.2.0 and more Source cves: CVE-2025-55552 Source advisory: SNYK:PYTHON-TORCH-13052971...

7.5CVSS6.3AI score0.0039EPSS
Exploits0
vulnersosv
vulnersosv
added 2025/09/25 3:43 p.m.7 views

01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +24551 more potentially affected by CVE-2025-55553 via torch (>=2.0.0 <=2.7.1)

torch PYPI version =2.0.0, =1.0.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.10.5, =0.1.0.dev1, =1.0.0, =1.2.0 and more Source cves: CVE-2025-55553 Source advisory: SNYK:PYTHON-TORCH-13052994...

7.5CVSS7AI score0.00381EPSS
Exploits0
vulnersosv
vulnersosv
added 2025/09/25 3:42 p.m.15 views

01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +24551 more potentially affected by CVE-2025-55557 via torch (>=2.0.0 <=2.7.1)

torch PYPI version =2.0.0, =1.0.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.10.5, =0.1.0.dev1, =1.0.0, =1.2.0 and more Source cves: CVE-2025-55557 Source advisory: SNYK:PYTHON-TORCH-13052977...

7.5CVSS7AI score0.00381EPSS
Exploits0
vulnersosv
vulnersosv
added 2025/09/25 3:16 p.m.5 views

01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +25839 more potentially affected by CVE-2025-55551 via torch (>=1.0.0 <=2.8.0)

torch PYPI version =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.0.16 - a1facts =0.2.6 and more Source cves: CVE-2025-55551 Source advisory: OSV:PYSEC-2025-203...

7.5CVSS6.3AI score0.00391EPSS
Exploits0
vulnersosv
vulnersosv
added 2025/09/25 3:16 p.m.13 views

01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +25575 more potentially affected by CVE-2025-46148 via torch (>=1.0.0 <=2.6.0)

torch PYPI version =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.0.16 - a1facts =0.2.6 and more Source cves: CVE-2025-46148 Source advisory: OSV:PYSEC-2025-198...

5.3CVSS6AI score0.00374EPSS
Exploits0
vulnersosv
vulnersosv
added 2025/09/25 12:0 a.m.5 views

01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +24669 more potentially affected by CVE-2025-55551 via torch (>=2.0.0 <=2.8.0)

torch PYPI version =2.0.0, =1.0.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.10.5, =0.1.0.dev1, =1.0.0, =1.2.0 and more Source cves: CVE-2025-55551 Source advisory: SNYK:PYTHON-TORCH-13052805...

7.5CVSS6.3AI score0.00391EPSS
Exploits0
vulnersosv
vulnersosv
added 2025/09/25 12:0 a.m.4 views

01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +24551 more potentially affected by CVE-2025-55558 via torch (>=2.0.0 <=2.7.1)

torch PYPI version =2.0.0, =1.0.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.10.5, =0.1.0.dev1, =1.0.0, =1.2.0 and more Source cves: CVE-2025-55558 Source advisory: SNYK:PYTHON-TORCH-13052818...

7.5CVSS7AI score0.0042EPSS
Exploits0
github
github
added 2025/06/27 3:27 p.m.13 views

LLaMA-Factory allows Code Injection through improper vhead_file safeguards

Summary A critical remote code execution vulnerability was discovered during the Llama Factory training process. This vulnerability arises because the vheadfile is loaded without proper safeguards, allowing malicious attackers to execute arbitrary malicious code on the host system simply by passi...

9.8CVSS8.1AI score0.0103EPSS
Exploits1References4Affected Software1
vulnersosv
vulnersosv
added 2025/04/18 3:19 p.m.10 views

01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +25417 more potentially affected by CVE-2025-32434 via torch (>=1.0.0 <=2.5.1)

torch PYPI version =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.0.16 - a1facts =0.2.6 and more Source cves: CVE-2025-32434 Source advisory: OSV:GHSA-53Q9-R3PM-6PQ6...

9.8CVSS7.5AI score0.01917EPSS
Exploits1
vulnersosv
vulnersosv
added 2025/04/16 9:30 p.m.5 views

01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +24551 more potentially affected by CVE-2025-3730 via torch (>=2.0.0 <=2.7.1)

torch PYPI version =2.0.0, =1.0.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.10.5, =0.1.0.dev1, =1.0.0, =1.2.0 and more Source cves: CVE-2025-3730 Source advisory: SNYK:PYTHON-TORCH-9726944...

5.5CVSS5.8AI score0.00287EPSS
Exploits1
vulnersosv
vulnersosv
added 2025/04/02 10:42 p.m.6 views

01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +25918 more potentially affected by CVE-2025-3121 via torch (>=1.0.0 <=2.9.1)

torch PYPI version =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.0.16 - a1facts =0.2.6 and more Source cves: CVE-2025-3121 Source advisory: SNYK:PYTHON-TORCH-10337834...

5.5CVSS5.8AI score0.00254EPSS
Exploits1
vulnersosv
vulnersosv
added 2025/03/31 3:43 p.m.7 views

01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +25918 more potentially affected by CVE-2025-3000 via torch (>=1.0.0 <=2.9.1)

torch PYPI version =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.0.16 - a1facts =0.2.6 and more Source cves: CVE-2025-3000 Source advisory: SNYK:PYTHON-TORCH-10337826...

5.3CVSS6AI score0.00183EPSS
Exploits0
vulnersosv
vulnersosv
added 2025/03/31 3:30 p.m.5 views

01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +25575 more potentially affected by CVE-2025-2998 via torch (>=1.0.0 <=2.6.0)

torch PYPI version =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.0.16 - a1facts =0.2.6 and more Source cves: CVE-2025-2998 Source advisory: OSV:GHSA-F4HP-RMR7-R7V8...

5.3CVSS6AI score0.00185EPSS
Exploits0
vulnersosv
vulnersosv
added 2025/03/30 6:30 p.m.5 views

01os (=0.0.14), 21cmpsdenoiser (>=1.0.0 <=1.0.2) +25613 more potentially affected by CVE-2025-2953 via torch (>=1.0.0 <=2.7.0)

torch PYPI version =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.0.16 - a1facts =0.2.6 and more Source cves: CVE-2025-2953 Source advisory: OSV:GHSA-3749-GHW9-M3MG...

5.5CVSS5.8AI score0.00237EPSS
Exploits1
Rows per page
Query Builder