CVE-2026-1839
- EPSS 0.02%
- Veröffentlicht 07.04.2026 05:22:00
- Zuletzt bearbeitet 07.04.2026 14:16:18
A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at line 3059 calls `torch.load()` without the `weights_...
CVE-2025-14930
- EPSS 0.29%
- Veröffentlicht 23.12.2025 21:15:48
- Zuletzt bearbeitet 21.01.2026 21:01:36
Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is req...
CVE-2025-14929
- EPSS 0.16%
- Veröffentlicht 23.12.2025 21:15:48
- Zuletzt bearbeitet 21.01.2026 16:38:41
Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers....
CVE-2025-14928
- EPSS 0.1%
- Veröffentlicht 23.12.2025 21:15:48
- Zuletzt bearbeitet 21.01.2026 16:43:32
Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is requi...
CVE-2025-14927
- EPSS 0.1%
- Veröffentlicht 23.12.2025 21:15:47
- Zuletzt bearbeitet 15.01.2026 16:49:35
Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is requir...
CVE-2025-14926
- EPSS 0.1%
- Veröffentlicht 23.12.2025 21:15:47
- Zuletzt bearbeitet 15.01.2026 16:49:21
Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required...
CVE-2025-14924
- EPSS 0.29%
- Veröffentlicht 23.12.2025 21:15:47
- Zuletzt bearbeitet 15.01.2026 16:47:43
Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interacti...
CVE-2025-14921
- EPSS 0.29%
- Veröffentlicht 23.12.2025 21:15:47
- Zuletzt bearbeitet 21.01.2026 16:44:06
Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User in...
CVE-2025-14920
- EPSS 0.29%
- Veröffentlicht 23.12.2025 21:15:47
- Zuletzt bearbeitet 21.01.2026 16:45:40
Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interac...
CVE-2025-6921
- EPSS 0.03%
- Veröffentlicht 23.09.2025 14:15:41
- Zuletzt bearbeitet 10.10.2025 21:31:30
The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer. The vulnerability arises from the _do_use_weight_decay method, which processes user-contro...