Transformers Security Vulnerabilities and Issues — Transformers CVE List

Lucene search

HuggingfaceTransformers

7 matches found

CVE•added 2024/11/22 10:15 p.m.•208 views

CVE-2024-11394

Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that...

8.8CVSS9AI score0.07971EPSS

CVE•added 2024/11/22 10:15 p.m.•196 views

CVE-2024-11393

Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability i...

8.8CVSS9AI score0.38396EPSS

CVE•added 2024/11/22 10:15 p.m.•193 views

CVE-2024-11392

Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in tha...

8.8CVSS7.9AI score0.36109EPSS

CVE•added 2023/05/18 5:15 p.m.•46 views

CVE-2023-2800

Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0.

4.7CVSS4.6AI score0.00015EPSS

CVE•added 2023/12/20 5:15 p.m.•46 views

CVE-2023-7018

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.

9.6CVSS7.8AI score0.00141EPSS

CVE•added 2023/12/19 1:15 p.m.•42 views

CVE-2023-6730

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.

9CVSS8.7AI score0.00161EPSS

CVE•added 2025/05/19 12:15 p.m.•26 views

CVE-2025-2099

A vulnerability in the preprocess_string() function of the transformers.testing_utils module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, le...

7.5CVSS5.3AI score0.00073EPSS