| CVE-2026-1839 |
high |
7.8 |
7.8 |
|
|
|
2mo ago |
A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at l… |
| CVE-2025-14930 |
unknown |
— |
— |
|
|
|
5mo ago |
Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of… |
| CVE-2025-14929 |
unknown |
— |
— |
|
|
|
5mo ago |
Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on a… |
| CVE-2025-14928 |
unknown |
— |
— |
|
|
|
5mo ago |
Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of H… |
| CVE-2025-14927 |
unknown |
— |
— |
|
|
|
5mo ago |
Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hu… |
| CVE-2025-14926 |
unknown |
— |
— |
|
|
|
5mo ago |
Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugg… |
| CVE-2025-14924 |
unknown |
— |
— |
|
|
|
5mo ago |
Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected install… |
| CVE-2025-14921 |
unknown |
— |
— |
|
|
|
5mo ago |
Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected … |
| CVE-2025-14920 |
unknown |
— |
— |
|
|
|
5mo ago |
Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected insta… |
| CVE-2025-6921 |
unknown |
— |
— |
|
|
|
8mo ago |
Hugging Face Transformers vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer |
| CVE-2025-6051 |
unknown |
— |
— |
|
|
|
9mo ago |
Hugging Face Transformers library has Regular Expression Denial of Service |
| CVE-2025-6638 |
unknown |
— |
— |
|
|
|
9mo ago |
Hugging Face Transformers is vulnerable to ReDoS through its MarianTokenizer |
| CVE-2025-5197 |
unknown |
— |
— |
|
|
|
10mo ago |
Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability |
| CVE-2025-3933 |
unknown |
— |
— |
|
|
|
11mo ago |
Transformers is vulnerable to ReDoS attack through its DonutProcessor class |
| CVE-2025-3262 |
unknown |
— |
— |
|
|
|
11mo ago |
Transformers vulnerable to ReDoS attack through its SETTING_RE variable |
| CVE-2025-3263 |
unknown |
— |
— |
|
|
|
11mo ago |
Transformers's ReDoS vulnerability in get_configuration_file can lead to catastrophic backtracking |
| CVE-2025-3264 |
unknown |
— |
— |
|
|
|
11mo ago |
Transformers vulnerable to ReDoS attack through its get_imports() function |
| CVE-2025-3777 |
unknown |
— |
— |
|
|
|
11mo ago |
Transformers's Improper Input Validation vulnerability can be exploited through username injection |
| CVE-2025-2099 |
unknown |
— |
— |
|
|
|
1y ago |
A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) … |
| CVE-2025-1194 |
unknown |
— |
— |
|
|
|
1y ago |
Transformers Regular Expression Denial of Service (ReDoS) vulnerability |
| CVE-2024-12720 |
unknown |
— |
— |
|
|
|
1y ago |
Transformers Regular Expression Denial of Service (ReDoS) vulnerability |
| CVE-2024-11394 |
unknown |
— |
— |
|
|
|
2y ago |
Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installati… |
| CVE-2024-11392 |
unknown |
— |
— |
|
|
|
2y ago |
Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installat… |
| CVE-2024-11393 |
unknown |
— |
— |
|
|
|
2y ago |
Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected inst… |
| CVE-2024-3568 |
unknown |
— |
— |
|
|
|
2y ago |
Transformers Deserialization of Untrusted Data vulnerability |
| CVE-2023-7018 |
unknown |
— |
— |
|
|
|
3y ago |
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. |
| CVE-2023-6730 |
unknown |
— |
— |
|
|
|
3y ago |
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. |
| CVE-2023-2800 |
unknown |
— |
— |
|
|
|
3y ago |
Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0. |