Note: This project will be discontinued after December 13, 2021.
Product: Transformers (Huggingface)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 7 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2025-05-19 | CVE-2025-2099 | A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large number of newline characters. An attacker can exploit this by providing a specially crafted payload, causing high CPU usage... | Transformers | 7.5 | ||
2024-11-22 | CVE-2024-11392 | Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of configuration files. The issue results from the lack of proper validation of... | Transformers | 8.8 | ||
2024-11-22 | CVE-2024-11393 | Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of model files. The issue results from the lack of proper validation of... | Transformers | 8.8 | ||
2024-11-22 | CVE-2024-11394 | Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of model files. The issue results from the lack of proper validation of user-supplied... | Transformers | 8.8 | ||
2023-05-18 | CVE-2023-2800 | Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0. | Transformers | 4.7 | ||
2023-12-19 | CVE-2023-6730 | Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. | Transformers | 8.8 | ||
2023-12-20 | CVE-2023-7018 | Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. | Transformers | 7.8 |