Huggingface Security Vulnerabilities

CVE-2024-3568

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the load_repo_checkpoint() function of the TFPreTrainedModel() class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload,...

CVE-2023-7018

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to...

CVE-2023-6730

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to...

CVE-2023-2800

Insecure Temporary File in GitHub repository huggingface/transformers prior to...