Huggingface

Transformers

27 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2025-14930

  • EPSS 0.28%
  • Veröffentlicht 23.12.2025 21:15:48
  • Zuletzt bearbeitet 21.01.2026 21:01:36

Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is req...

7.8

CVE-2025-14929

  • EPSS 0.15%
  • Veröffentlicht 23.12.2025 21:15:48
  • Zuletzt bearbeitet 21.01.2026 16:38:41

Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers....

7.8

CVE-2025-14928

  • EPSS 0.1%
  • Veröffentlicht 23.12.2025 21:15:48
  • Zuletzt bearbeitet 21.01.2026 16:43:32

Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is requi...

7.8

CVE-2025-14927

  • EPSS 0.1%
  • Veröffentlicht 23.12.2025 21:15:47
  • Zuletzt bearbeitet 15.01.2026 16:49:35

Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is requir...

7.8

CVE-2025-14926

  • EPSS 0.1%
  • Veröffentlicht 23.12.2025 21:15:47
  • Zuletzt bearbeitet 15.01.2026 16:49:21

Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required...

7.8

CVE-2025-14924

  • EPSS 0.28%
  • Veröffentlicht 23.12.2025 21:15:47
  • Zuletzt bearbeitet 15.01.2026 16:47:43

Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interacti...

7.8

CVE-2025-14921

  • EPSS 0.28%
  • Veröffentlicht 23.12.2025 21:15:47
  • Zuletzt bearbeitet 21.01.2026 16:44:06

Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User in...

7.8

CVE-2025-14920

  • EPSS 0.28%
  • Veröffentlicht 23.12.2025 21:15:47
  • Zuletzt bearbeitet 21.01.2026 16:45:40

Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interac...

7.5

CVE-2025-6921

Exploit
  • EPSS 0.03%
  • Veröffentlicht 23.09.2025 14:15:41
  • Zuletzt bearbeitet 10.10.2025 21:31:30

The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer. The vulnerability arises from the _do_use_weight_decay method, which processes user-contro...

5.3

CVE-2025-6051

Exploit
  • EPSS 0.03%
  • Veröffentlicht 14.09.2025 17:03:02
  • Zuletzt bearbeitet 21.10.2025 14:16:24

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the `normalize_numbers()` method of the `EnglishNormalizer` class. This vulnerability affects versions up to 4.5...