Huggingface

Transformers

30 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2025-14920

  • EPSS 0.26%
  • Veröffentlicht 23.12.2025 21:15:47
  • Zuletzt bearbeitet 21.01.2026 16:45:40

Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interac...

7.5

CVE-2025-6921

Exploit
  • EPSS 0.47%
  • Veröffentlicht 23.09.2025 14:15:41
  • Zuletzt bearbeitet 10.10.2025 21:31:30

The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer. The vulnerability arises from the _do_use_weight_decay method, which processes user-contro...

5.3

CVE-2025-6051

Exploit
  • EPSS 0.35%
  • Veröffentlicht 14.09.2025 17:03:02
  • Zuletzt bearbeitet 21.10.2025 14:16:24

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the `normalize_numbers()` method of the `EnglishNormalizer` class. This vulnerability affects versions up to 4.5...

7.5

CVE-2025-6638

Exploit
  • EPSS 0.49%
  • Veröffentlicht 12.09.2025 10:46:07
  • Zuletzt bearbeitet 21.10.2025 13:33:08

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's `remove_language_code()` method. This vulnerability is present in version 4.52.4 and ha...

5.3

CVE-2025-5197

Exploit
  • EPSS 0.36%
  • Veröffentlicht 06.08.2025 11:53:37
  • Zuletzt bearbeitet 21.10.2025 16:46:13

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. This function, responsible for converting TensorFlow weight names...

5.3

CVE-2025-3933

Exploit
  • EPSS 0.44%
  • Veröffentlicht 11.07.2025 09:22:27
  • Zuletzt bearbeitet 07.08.2025 01:01:46

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's `token2json()` method. This vulnerability affects versions 4.50.3 and earlier, and is...

3.5

CVE-2025-3777

Exploit
  • EPSS 0.33%
  • Veröffentlicht 07.07.2025 09:55:38
  • Zuletzt bearbeitet 07.08.2025 00:54:16

Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the `image_utils.py` file. The vulnerability arises from insecure URL validation using the `startswith()` method, which can be bypassed thro...

5.3

CVE-2025-3264

Exploit
  • EPSS 0.44%
  • Veröffentlicht 07.07.2025 09:55:11
  • Zuletzt bearbeitet 07.08.2025 01:02:30

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_imports()` function within `dynamic_module_utils.py`. This vulnerability affects versions 4.49.0 and is fix...

5.3

CVE-2025-3263

Exploit
  • EPSS 0.44%
  • Veröffentlicht 07.07.2025 09:54:59
  • Zuletzt bearbeitet 07.08.2025 01:03:17

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_configuration_file()` function within the `transformers.configuration_utils` module. The affected version i...

7.5

CVE-2025-3262

Exploit
  • EPSS 0.43%
  • Veröffentlicht 07.07.2025 09:54:39
  • Zuletzt bearbeitet 02.08.2025 01:20:02

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the `SETTING_RE` variable...