Huggingface

Transformers

30 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-2099

Exploit
  • EPSS 0.51%
  • Veröffentlicht 19.05.2025 11:22:36
  • Zuletzt bearbeitet 21.05.2025 17:43:15

A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code...

6.5

CVE-2025-1194

Medienbericht Exploit
  • EPSS 0.39%
  • Veröffentlicht 29.04.2025 11:30:38
  • Zuletzt bearbeitet 01.08.2025 21:56:15

A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file `tokenization_gpt_neox_japanese.py` of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJ...

7.5

CVE-2024-12720

  • EPSS 0.69%
  • Veröffentlicht 20.03.2025 10:11:15
  • Zuletzt bearbeitet 01.08.2025 21:11:26

A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single() function, where a regular...

8.8

CVE-2024-11394

  • EPSS 2.44%
  • Veröffentlicht 22.11.2024 22:15:07
  • Zuletzt bearbeitet 10.02.2025 22:16:16

Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction ...

8.8

CVE-2024-11393

  • EPSS 2.92%
  • Veröffentlicht 22.11.2024 22:15:07
  • Zuletzt bearbeitet 10.02.2025 22:18:52

Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User intera...

8.8

CVE-2024-11392

  • EPSS 6.9%
  • Veröffentlicht 22.11.2024 22:15:06
  • Zuletzt bearbeitet 10.02.2025 22:18:55

Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction...

9.6

CVE-2024-3568

Exploit
  • EPSS 2.07%
  • Veröffentlicht 10.04.2024 17:15:58
  • Zuletzt bearbeitet 10.10.2025 17:55:38

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and command...

7.8

CVE-2023-7018

Exploit
  • EPSS 0.73%
  • Veröffentlicht 20.12.2023 17:15:08
  • Zuletzt bearbeitet 21.11.2024 08:45:03

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.

8.8

CVE-2023-6730

Exploit
  • EPSS 0.92%
  • Veröffentlicht 19.12.2023 13:15:43
  • Zuletzt bearbeitet 21.11.2024 08:44:26

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.

4.7

CVE-2023-2800

Exploit
  • EPSS 0.28%
  • Veröffentlicht 18.05.2023 17:15:08
  • Zuletzt bearbeitet 21.11.2024 07:59:18

Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0.