huggingface — Vulnerabilities & Security Advisories 24

Browse all 24 CVE security advisories affecting huggingface. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1839 | Arbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading in huggingface/transformers — huggingface/transformers CWE-502 | 9.8 AI | Critical AI | 2026-04-07 |
| CVE-2026-4963 | huggingface smolagents Incomplete Fix CVE-2025-9959 local_python_executor.py evaluate_with code injection — smolagents CWE-94 | 6.3 | Medium | 2026-03-27 |
| CVE-2026-2654 | huggingface smolagents LocalPythonExecutor requests.post server-side request forgery — smolagents CWE-918 | 6.3 | Medium | 2026-02-18 |
| CVE-2026-0599 | Unbounded External Image Fetch in Validation Leads to Resource-Exhaustion DoS in huggingface/text-generation-inference — huggingface/text-generation-inference CWE-400 | 7.5 AI | High AI | 2026-02-02 |
| CVE-2025-11844 | XPath Injection in Hugging Face Smolagents search_item_ctrl_f Function — huggingface/smolagents CWE-643 | 9.1 AI | Critical AI | 2025-10-22 |
| CVE-2025-6921 | Regular Expression Denial of Service (ReDoS) in huggingface/transformers — huggingface/transformers CWE-400 | 7.5 | - | 2025-09-23 |
| CVE-2025-10772 | huggingface LeRobot ZeroMQ Socket lekiwi_remote.py missing authentication — LeRobot CWE-306 | 6.3 | Medium | 2025-09-21 |
| CVE-2025-6051 | Regular Expression Denial of Service (ReDoS) in huggingface/transformers — huggingface/transformers CWE-1333 | 7.5 | - | 2025-09-14 |
| CVE-2025-6638 | Regular Expression Denial of Service (ReDoS) in huggingface/transformers — huggingface/transformers CWE-1333 | 7.5 | - | 2025-09-12 |
| CVE-2025-5197 | Regular Expression Denial of Service (ReDoS) in huggingface/transformers — huggingface/transformers CWE-1333 | 7.5 | - | 2025-08-06 |
| CVE-2025-5120 | Sandbox Escape Vulnerability in huggingface/smolagents — huggingface/smolagents CWE-94 | 10.0 | - | 2025-07-27 |
| CVE-2025-3933 | Regular Expression Denial of Service (ReDoS) in huggingface/transformers — huggingface/transformers CWE-1333 | 7.5 AI | High AI | 2025-07-11 |
| CVE-2025-3777 | Improper Input Validation in huggingface/transformers — huggingface/transformers CWE-20 | 9.1 | - | 2025-07-07 |
| CVE-2025-3264 | Regular Expression Denial of Service (ReDoS) in huggingface/transformers — huggingface/transformers CWE-1333 | 7.5 | - | 2025-07-07 |
| CVE-2025-3263 | Regular Expression Denial of Service (ReDoS) in huggingface/transformers — huggingface/transformers CWE-1333 | 7.5 | - | 2025-07-07 |
| CVE-2025-3262 | Regular Expression Denial of Service (ReDoS) in huggingface/transformers — huggingface/transformers CWE-1333 | 7.5 | - | 2025-07-07 |
| CVE-2025-2099 | Regular Expression Denial of Service (ReDoS) in huggingface/transformers — huggingface/transformers CWE-1333 | 7.5 | - | 2025-05-19 |
| CVE-2025-1194 | Regular Expression Denial of Service (ReDoS) in huggingface/transformers — huggingface/transformers CWE-1333 | 7.5 AI | High AI | 2025-04-29 |
| CVE-2024-12720 | Regular Expression Denial of Service (ReDoS) in huggingface/transformers — huggingface/transformers CWE-1333 | 7.5 | - | 2025-03-20 |
| CVE-2024-3924 | Code Injection in huggingface/text-generation-inference — huggingface/text-generation-inference CWE-94 | 8.8 AI | High AI | 2024-05-30 |
| CVE-2024-3568 | Arbitrary Code Execution via Deserialization in huggingface/transformers — huggingface/transformers CWE-502 | 8.8 AI | High AI | 2024-04-10 |
| CVE-2023-7018 | Deserialization of Untrusted Data in huggingface/transformers — huggingface/transformers CWE-502 | 9.8 | - | 2023-12-20 |
| CVE-2023-6730 | Deserialization of Untrusted Data in huggingface/transformers — huggingface/transformers CWE-502 | 9.8 | - | 2023-12-19 |
| CVE-2023-2800 | Insecure Temporary File in huggingface/transformers — huggingface/transformers CWE-377 | - | - | 2023-05-18 |

This page lists every published CVE security advisory associated with huggingface. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.