Transformers — Vulnerabilities & Security Advisories 11

All 11 CVE vulnerabilities found in Transformers, with AI-generated Chinese analysis, references, and POCs.

Vendor: Hugging Face

CVE ID	Title	CVSS	Severity	Published
CVE-2025-14930	Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability CWE-502	7.8^AI	High^AI	2025-12-23
CVE-2025-14928	Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability CWE-94	8.8^AI	High^AI	2025-12-23
CVE-2025-14924	Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability CWE-502	7.8^AI	High^AI	2025-12-23
CVE-2025-14920	Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability CWE-502	7.8^AI	High^AI	2025-12-23
CVE-2025-14926	Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability CWE-94	8.8^AI	High^AI	2025-12-23
CVE-2025-14927	Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability CWE-94	8.8^AI	High^AI	2025-12-23
CVE-2025-14921	Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability CWE-502	7.8^AI	High^AI	2025-12-23
CVE-2025-14929	Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability CWE-502	8.8^AI	High^AI	2025-12-23
CVE-2024-11394	Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability CWE-502	7.8	-	2024-11-22
CVE-2024-11393	Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability CWE-502	7.8	-	2024-11-22
CVE-2024-11392	Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability CWE-502	7.8	-	2024-11-22

All 11 known CVE vulnerabilities affecting Transformers with full Chinese analysis, references, and POCs where available.