Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

huggingface/transformers — Vulnerabilities & Security Advisories 17

All 17 CVE vulnerabilities found in huggingface/transformers, with AI-generated Chinese analysis, references, and POCs.

Vendor: huggingface

CVE IDTitleCVSSSeverityPublished
CVE-2026-1839 Arbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading in huggingface/transformers CWE-502 9.8AICriticalAI2026-04-07
CVE-2025-6921 Regular Expression Denial of Service (ReDoS) in huggingface/transformers CWE-400 7.5 -2025-09-23
CVE-2025-6051 Regular Expression Denial of Service (ReDoS) in huggingface/transformers CWE-1333 7.5 -2025-09-14
CVE-2025-6638 Regular Expression Denial of Service (ReDoS) in huggingface/transformers CWE-1333 7.5 -2025-09-12
CVE-2025-5197 Regular Expression Denial of Service (ReDoS) in huggingface/transformers CWE-1333 7.5 -2025-08-06
CVE-2025-3933 Regular Expression Denial of Service (ReDoS) in huggingface/transformers CWE-1333 7.5AIHighAI2025-07-11
CVE-2025-3777 Improper Input Validation in huggingface/transformers CWE-20 9.1 -2025-07-07
CVE-2025-3264 Regular Expression Denial of Service (ReDoS) in huggingface/transformers CWE-1333 7.5 -2025-07-07
CVE-2025-3263 Regular Expression Denial of Service (ReDoS) in huggingface/transformers CWE-1333 7.5 -2025-07-07
CVE-2025-3262 Regular Expression Denial of Service (ReDoS) in huggingface/transformers CWE-1333 7.5 -2025-07-07
CVE-2025-2099 Regular Expression Denial of Service (ReDoS) in huggingface/transformers CWE-1333 7.5 -2025-05-19
CVE-2025-1194 Regular Expression Denial of Service (ReDoS) in huggingface/transformers CWE-1333 7.5AIHighAI2025-04-29
CVE-2024-12720 Regular Expression Denial of Service (ReDoS) in huggingface/transformers CWE-1333 7.5 -2025-03-20
CVE-2024-3568 Arbitrary Code Execution via Deserialization in huggingface/transformers CWE-502 8.8AIHighAI2024-04-10
CVE-2023-7018 Deserialization of Untrusted Data in huggingface/transformers CWE-502 9.8 -2023-12-20
CVE-2023-6730 Deserialization of Untrusted Data in huggingface/transformers CWE-502 9.8 -2023-12-19
CVE-2023-2800 Insecure Temporary File in huggingface/transformers CWE-377--2023-05-18

All 17 known CVE vulnerabilities affecting huggingface/transformers with full Chinese analysis, references, and POCs where available.