68 matches found
3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1736 more potentially affected by CVE-2025-3263 via transformers (>=2.10.0 <=4.50.3)
transformers PYPI version =2.10.0, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.2.11 and more Source cves: CVE-2025-3263 Source advisory: OSV:GHSA-Q2WP-RJMX-X6X9...
Transformers's Improper Input Validation vulnerability can be exploited through username injection
Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the imageutils.py file. The vulnerability arises from insecure URL validation using the startswith method, which can be bypassed through URL username injection. This allows attackers to...
3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1736 more potentially affected by CVE-2025-3264 via transformers (>=2.10.0 <=4.50.3)
transformers PYPI version =2.10.0, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.2.11 and more Source cves: CVE-2025-3264 Source advisory: OSV:GHSA-JJPH-296X-MRCR...
GHSA-PHHR-52QP-3MJ4 Transformers's Improper Input Validation vulnerability can be exploited through username injection
Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the imageutils.py file. The vulnerability arises from insecure URL validation using the startswith method, which can be bypassed through URL username injection. This allows attackers to...
Improper Validation of Syntactic Correctness of Input
Overview transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input via improper handling of user-supplied URLs by using the startswith method in imageutils.py. An...
3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1812 more potentially affected by CVE-2025-3777 via transformers (>=2.10.0 <=4.51.3)
transformers PYPI version =2.10.0, =0.0.4.80, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.2.11 and more Source cves: CVE-2025-3777 Source advisory: SNYK:PYTHON-TRANSFORMERS-10658536...
ace-step (=0.1.0), agent-memory-jojo (=0.1.3) +163 more potentially affected by CVE-2025-3264 via transformers (>=4.49.0 <=4.50.3)
transformers PYPI version =4.49.0, =3.2.0, =2.2.0, =0.0.5, =2026.3.1, =0.1.0, =1.2.1b20250404, =1.2.1b20250404, =1.2.1b20250404, =0.1.2, =0.1.8 - azureml-metrics =0.0.25.post1 and more Source cves: CVE-2025-3264 Source advisory: SNYK:PYTHON-TRANSFORMERS-10658534...
ace-step (=0.1.0), agent-memory-jojo (=0.1.3) +163 more potentially affected by CVE-2025-3263 via transformers (>=4.49.0 <=4.50.3)
transformers PYPI version =4.49.0, =3.2.0, =2.2.0, =0.0.5, =2026.3.1, =0.1.0, =1.2.1b20250404, =1.2.1b20250404, =1.2.1b20250404, =0.1.2, =0.1.8 - azureml-metrics =0.0.25.post1 and more Source cves: CVE-2025-3263 Source advisory: SNYK:PYTHON-TRANSFORMERS-10658535...
CVE-2025-3262 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A Regular Expression Denial of Service ReDoS vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the SETTINGRE variable within the transformers/commands/chat.py file. The...
Hugging Face Transformers 安全漏洞
Hugging Face Transformers is Hugging Face's open source advanced natural language processing for Jax, PyTorch and TensorFlow. A security vulnerability exists in Hugging Face Transformers version 4.49.0, which stems from insufficient regular expression complexity in the getimports function in...
Hugging Face Transformers 安全漏洞
Hugging Face Transformers is Hugging Face's open source advanced natural language processing for Jax, PyTorch and TensorFlow. A security vulnerability exists in Hugging Face Transformers version 4.49.0, which stems from insufficient regular expression complexity in the getconfigurationfile functi...
Hugging Face Transformers 安全漏洞
Hugging Face Transformers is Hugging Face's open source advanced natural language processing for Jax, PyTorch and TensorFlow. A security vulnerability exists in Hugging Face Transformers version 4.49.0, which stems from insufficient regular expression complexity in the SETTINGRE variable in...
CVE-2023-6730
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...
Regular Expression Denial Of Service (ReDoS)
Transformers is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regular expression processing due to nested quantifiers in the preprocessstring function of transformers.testingutils, which can cause exponential backtracking and high CPU usage when...
3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1691 more potentially affected by CVE-2025-2099 via transformers (>=2.10.0 <=4.4.2)
transformers PYPI version =2.10.0, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.0.1, =0.1.2 and more Source cves: CVE-2025-2099 Source advisory: OSV:GHSA-QQ3J-4F4F-9583...
3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1691 more potentially affected by CVE-2025-1194 via transformers (>=2.10.0 <=4.4.2)
transformers PYPI version =2.10.0, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.0.1, =0.1.2 and more Source cves: CVE-2025-1194 Source advisory: OSV:GHSA-FPWR-67PX-3QHX...
transformers 安全漏洞
transformers is a Hugging Face open source application for machine learning. A security vulnerability exists in transformers version 4.48.1, which stems from exponential complexity in regular expressions when processing specially crafted inputs, potentially leading to a denial of service...
3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1525 more potentially affected by CVE-2024-12720 via transformers (>=2.10.0 <=4.47.1)
transformers PYPI version =2.10.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.0.1, =0.1.0, =0.1.1 and more Source cves: CVE-2024-12720 Source advisory: OSV:GHSA-6RVG-6V2M-4J46...
3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1525 more potentially affected by CVE-2024-11393 via transformers (>=2.10.0 <=4.47.1)
transformers PYPI version =2.10.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.0.1, =0.1.0, =0.1.1 and more Source cves: CVE-2024-11393 Source advisory: OSV:GHSA-WRFC-PVP9-MR9G...
3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1525 more potentially affected by CVE-2024-11394 via transformers (>=2.10.0 <=4.47.1)
transformers PYPI version =2.10.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.0.1, =0.1.0, =0.1.1 and more Source cves: CVE-2024-11394 Source advisory: OSV:GHSA-HXXF-235M-72V3...