Lucene search

HuggingfaceTransformers

8 matches found

CVE | added 2025/03/20 10:15 a.m. | 177 views

CVE-2024-12720

A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single() function, where a regular expression processes specially crafted input. Th...

CVSS 7.5 | AI score 6.8 | EPSS 0.00152

CVE | added 2025/04/29 12:15 p.m. | 140 views

CVE-2025-1194

A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_gpt_neox_japanese.py of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions p...

CVSS 6.5 | AI score 4.5 | EPSS 0.00059

CVE | added 2025/07/07 10:15 a.m. | 35 views

CVE-2025-3777

Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the image_utils.py file. The vulnerability arises from insecure URL validation using the startswith() method, which can be bypassed through URL username injection. This allows attackers to ...

CVSS 3.5 | AI score 4 | EPSS 0.00069

CVE | added 2025/05/19 12:15 p.m. | 28 views

CVE-2025-2099

A vulnerability in the preprocess_string() function of the transformers.testing_utils module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, le...

CVSS 7.5 | AI score 5.3 | EPSS 0.00076

CVE | added 2025/07/11 10:15 a.m. | 13 views

CVE-2025-3933

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's token2json() method. This vulnerability affects versions 4.50.3 and earlier, and is fixed in version 4.52.1. The issue arises from the...

CVSS 5.3 | AI score 5.2 | EPSS 0.00048

CVE | added 2025/07/07 10:15 a.m. | 10 views

CVE-2025-3264

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the get_imports() function within dynamic_module_utils.py. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular...

CVSS 5.3 | AI score 5.5 | EPSS 0.00057

CVE | added 2025/07/07 10:15 a.m. | 9 views

CVE-2025-3262

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the SETTING_RE variable within the transformers/commands/chat.py file. The...

CVSS 7.5 | AI score 5 | EPSS 0.00054

CVE | added 2025/07/07 10:15 a.m. | 9 views

CVE-2025-3263

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the get_configuration_file() function within the transformers.configuration_utils module. The affected version is 4.49.0, and the issue is resolved in version 4.51.0...

CVSS 5.3 | AI score 5.1 | EPSS 0.00057