Lucene search
+L

68 matches found

vulnersOsv
vulnersOsv
added 2025/07/07 12:30 p.m.13 views

3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1736 more potentially affected by CVE-2025-3263 via transformers (>=2.10.0 <=4.50.3)

transformers PYPI version =2.10.0, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.2.11 and more Source cves: CVE-2025-3263 Source advisory: OSV:GHSA-Q2WP-RJMX-X6X9...

5.3CVSS6AI score0.00431EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2025/07/07 12:30 p.m.4 views

Transformers's Improper Input Validation vulnerability can be exploited through username injection

Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the imageutils.py file. The vulnerability arises from insecure URL validation using the startswith method, which can be bypassed through URL username injection. This allows attackers to...

3.5CVSS3.7AI score0.00329EPSS
Exploits1References5Affected Software1
vulnersOsv
vulnersOsv
added 2025/07/07 12:30 p.m.6 views

3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1736 more potentially affected by CVE-2025-3264 via transformers (>=2.10.0 <=4.50.3)

transformers PYPI version =2.10.0, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.2.11 and more Source cves: CVE-2025-3264 Source advisory: OSV:GHSA-JJPH-296X-MRCR...

5.3CVSS6AI score0.00431EPSS
Exploits1
OSV
OSV
added 2025/07/07 12:30 p.m.2 views

GHSA-PHHR-52QP-3MJ4 Transformers's Improper Input Validation vulnerability can be exploited through username injection

Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the imageutils.py file. The vulnerability arises from insecure URL validation using the startswith method, which can be bypassed through URL username injection. This allows attackers to...

3.5CVSS6.7AI score0.00329EPSS
Exploits1References5
Snyk
Snyk
added 2025/07/07 9:55 a.m.2 views

Improper Validation of Syntactic Correctness of Input

Overview transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input via improper handling of user-supplied URLs by using the startswith method in imageutils.py. An...

5.1CVSS6.8AI score0.00329EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2025/07/07 9:55 a.m.7 views

3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1812 more potentially affected by CVE-2025-3777 via transformers (>=2.10.0 <=4.51.3)

transformers PYPI version =2.10.0, =0.0.4.80, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.2.11 and more Source cves: CVE-2025-3777 Source advisory: SNYK:PYTHON-TRANSFORMERS-10658536...

3.5CVSS5.8AI score0.00329EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/07/07 9:55 a.m.6 views

ace-step (=0.1.0), agent-memory-jojo (=0.1.3) +163 more potentially affected by CVE-2025-3264 via transformers (>=4.49.0 <=4.50.3)

transformers PYPI version =4.49.0, =3.2.0, =2.2.0, =0.0.5, =2026.3.1, =0.1.0, =1.2.1b20250404, =1.2.1b20250404, =1.2.1b20250404, =0.1.2, =0.1.8 - azureml-metrics =0.0.25.post1 and more Source cves: CVE-2025-3264 Source advisory: SNYK:PYTHON-TRANSFORMERS-10658534...

5.3CVSS6AI score0.00431EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/07/07 9:54 a.m.7 views

ace-step (=0.1.0), agent-memory-jojo (=0.1.3) +163 more potentially affected by CVE-2025-3263 via transformers (>=4.49.0 <=4.50.3)

transformers PYPI version =4.49.0, =3.2.0, =2.2.0, =0.0.5, =2026.3.1, =0.1.0, =1.2.1b20250404, =1.2.1b20250404, =1.2.1b20250404, =0.1.2, =0.1.8 - azureml-metrics =0.0.25.post1 and more Source cves: CVE-2025-3263 Source advisory: SNYK:PYTHON-TRANSFORMERS-10658535...

5.3CVSS6AI score0.00431EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2025/07/07 9:54 a.m.2 views

CVE-2025-3262 Regular Expression Denial of Service (ReDoS) in huggingface/transformers

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the SETTINGRE variable within the transformers/commands/chat.py file. The...

5.3CVSS6.8AI score0.0043EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/07/07 12:0 a.m.4 views

Hugging Face Transformers 安全漏洞

Hugging Face Transformers is Hugging Face's open source advanced natural language processing for Jax, PyTorch and TensorFlow. A security vulnerability exists in Hugging Face Transformers version 4.49.0, which stems from insufficient regular expression complexity in the getimports function in...

5.3CVSS5.3AI score0.00431EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/07/07 12:0 a.m.10 views

Hugging Face Transformers 安全漏洞

Hugging Face Transformers is Hugging Face's open source advanced natural language processing for Jax, PyTorch and TensorFlow. A security vulnerability exists in Hugging Face Transformers version 4.49.0, which stems from insufficient regular expression complexity in the getconfigurationfile functi...

5.3CVSS5.3AI score0.00431EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/07/07 12:0 a.m.7 views

Hugging Face Transformers 安全漏洞

Hugging Face Transformers is Hugging Face's open source advanced natural language processing for Jax, PyTorch and TensorFlow. A security vulnerability exists in Hugging Face Transformers version 4.49.0, which stems from insufficient regular expression complexity in the SETTINGRE variable in...

7.5CVSS5.3AI score0.0043EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/23 2:7 a.m.7 views

CVE-2023-6730

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...

9CVSS6.8AI score0.00921EPSS
Exploits1References1
Veracode
Veracode
added 2025/05/22 9:26 a.m.9 views

Regular Expression Denial Of Service (ReDoS)

Transformers is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regular expression processing due to nested quantifiers in the preprocessstring function of transformers.testingutils, which can cause exponential backtracking and high CPU usage when...

7.5CVSS6.6AI score0.00507EPSS
Exploits1References6Affected Software1
vulnersOsv
vulnersOsv
added 2025/05/19 12:30 p.m.8 views

3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1691 more potentially affected by CVE-2025-2099 via transformers (>=2.10.0 <=4.4.2)

transformers PYPI version =2.10.0, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.0.1, =0.1.2 and more Source cves: CVE-2025-2099 Source advisory: OSV:GHSA-QQ3J-4F4F-9583...

7.5CVSS6AI score0.00507EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/04/29 12:30 p.m.11 views

3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1691 more potentially affected by CVE-2025-1194 via transformers (>=2.10.0 <=4.4.2)

transformers PYPI version =2.10.0, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.0.1, =0.1.2 and more Source cves: CVE-2025-1194 Source advisory: OSV:GHSA-FPWR-67PX-3QHX...

6.5CVSS6AI score0.00384EPSS
Exploits1
CNNVD
CNNVD
added 2025/04/29 12:0 a.m.3 views

transformers 安全漏洞

transformers is a Hugging Face open source application for machine learning. A security vulnerability exists in transformers version 4.48.1, which stems from exponential complexity in regular expressions when processing specially crafted inputs, potentially leading to a denial of service...

6.5CVSS4.7AI score0.00384EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.6 views

3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1525 more potentially affected by CVE-2024-12720 via transformers (>=2.10.0 <=4.47.1)

transformers PYPI version =2.10.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.0.1, =0.1.0, =0.1.1 and more Source cves: CVE-2024-12720 Source advisory: OSV:GHSA-6RVG-6V2M-4J46...

7.5CVSS6.3AI score0.00684EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/11/23 3:31 a.m.3 views

3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1525 more potentially affected by CVE-2024-11393 via transformers (>=2.10.0 <=4.47.1)

transformers PYPI version =2.10.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.0.1, =0.1.0, =0.1.1 and more Source cves: CVE-2024-11393 Source advisory: OSV:GHSA-WRFC-PVP9-MR9G...

8.8CVSS7.2AI score0.02894EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/11/23 3:31 a.m.8 views

3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1525 more potentially affected by CVE-2024-11394 via transformers (>=2.10.0 <=4.47.1)

transformers PYPI version =2.10.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.0.1, =0.1.0, =0.1.1 and more Source cves: CVE-2024-11394 Source advisory: OSV:GHSA-HXXF-235M-72V3...

8.8CVSS7.2AI score0.02415EPSS
Exploits1
Rows per page
Query Builder