Huggingface

Transformers

27 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-6638

Exploit
  • EPSS 0.03%
  • Veröffentlicht 12.09.2025 10:46:07
  • Zuletzt bearbeitet 21.10.2025 13:33:08

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's `remove_language_code()` method. This vulnerability is present in version 4.52.4 and ha...

5.3

CVE-2025-5197

Exploit
  • EPSS 0.04%
  • Veröffentlicht 06.08.2025 11:53:37
  • Zuletzt bearbeitet 21.10.2025 16:46:13

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. This function, responsible for converting TensorFlow weight names...

5.3

CVE-2025-3933

Exploit
  • EPSS 0.03%
  • Veröffentlicht 11.07.2025 09:22:27
  • Zuletzt bearbeitet 07.08.2025 01:01:46

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's `token2json()` method. This vulnerability affects versions 4.50.3 and earlier, and is...

3.5

CVE-2025-3777

Exploit
  • EPSS 0.02%
  • Veröffentlicht 07.07.2025 09:55:38
  • Zuletzt bearbeitet 07.08.2025 00:54:16

Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the `image_utils.py` file. The vulnerability arises from insecure URL validation using the `startswith()` method, which can be bypassed thro...

5.3

CVE-2025-3264

Exploit
  • EPSS 0.04%
  • Veröffentlicht 07.07.2025 09:55:11
  • Zuletzt bearbeitet 07.08.2025 01:02:30

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_imports()` function within `dynamic_module_utils.py`. This vulnerability affects versions 4.49.0 and is fix...

5.3

CVE-2025-3263

Exploit
  • EPSS 0.04%
  • Veröffentlicht 07.07.2025 09:54:59
  • Zuletzt bearbeitet 07.08.2025 01:03:17

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_configuration_file()` function within the `transformers.configuration_utils` module. The affected version i...

7.5

CVE-2025-3262

Exploit
  • EPSS 0.11%
  • Veröffentlicht 07.07.2025 09:54:39
  • Zuletzt bearbeitet 02.08.2025 01:20:02

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the `SETTING_RE` variable...

7.5

CVE-2025-2099

Exploit
  • EPSS 0.03%
  • Veröffentlicht 19.05.2025 11:22:36
  • Zuletzt bearbeitet 21.05.2025 17:43:15

A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code...

6.5

CVE-2025-1194

Medienbericht Exploit
  • EPSS 0.08%
  • Veröffentlicht 29.04.2025 11:30:38
  • Zuletzt bearbeitet 01.08.2025 21:56:15

A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file `tokenization_gpt_neox_japanese.py` of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJ...

7.5

CVE-2024-12720

  • EPSS 0.14%
  • Veröffentlicht 20.03.2025 10:11:15
  • Zuletzt bearbeitet 01.08.2025 21:11:26

A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single() function, where a regular...