cbcvebase.

Hugging Face Transformers vulnerabilities

11 known vulnerabilities affecting hugging_face/transformers.

Total CVEs
11
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH11

Vulnerabilities

Page 1 of 1
CVE-2024-11392P2HIGHCVSS 8.8PoCv940fde8dafaecb8f17b588c5078291f1c1a420c82024-11-22
CVE-2024-11392 [HIGH] CWE-502 CVE-2024-11392: Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulner Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mal
nvd
CVE-2024-11393P3HIGHCVSS 8.8v8820fe8b8c4b9da94cf1e4761876f85c562e0efe2024-11-22
CVE-2024-11393 [HIGH] CWE-502 CVE-2024-11393: Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution V Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open
nvd
CVE-2024-11394P3HIGHCVSS 8.8v026a173a64372e9602a16523b8fae9de4b0ff4282024-11-22
CVE-2024-11394 [HIGH] CWE-502 CVE-2024-11394: Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnera Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali
nvd
CVE-2025-14928P3HIGHCVSS 7.8v4.57.02025-12-23
CVE-2025-14928 [HIGH] CWE-94 CVE-2025-14928: Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability. Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must convert a malicious checkpoint. The specific f
nvd
CVE-2025-14927P3HIGHCVSS 7.8v4.57.02025-12-23
CVE-2025-14927 [HIGH] CWE-94 CVE-2025-14927: Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability. T Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must convert a malicious checkpoint. The specific f
nvd
CVE-2025-14926P3HIGHCVSS 7.8v4.57.02025-12-23
CVE-2025-14926 [HIGH] CWE-94 CVE-2025-14926: Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability. Thi Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must convert a malicious checkpoint. The specific fla
nvd
CVE-2025-14929P3HIGHCVSS 7.8vd1c6310d6a02481d48d81607cba7840be04580d12025-12-23
CVE-2025-14929 [HIGH] CWE-502 CVE-2025-14929: Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious p
nvd
CVE-2025-14930P3HIGHCVSS 7.8v4.57.12025-12-23
CVE-2025-14930 [HIGH] CWE-502 CVE-2025-14930: Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious
nvd
CVE-2025-14924P3HIGHCVSS 7.8v95faabf0a6cd845f4c5548697e288a79e424b0962025-12-23
CVE-2025-14924 [HIGH] CWE-502 CVE-2025-14924: Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vuln Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m
nvd
CVE-2025-14920P3HIGHCVSS 7.8v9c8bd3fc1befe54f3efb9f385561eef49f060a702025-12-23
CVE-2025-14920 [HIGH] CWE-502 CVE-2025-14920: Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vu Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a
nvd
CVE-2025-14921P3HIGHCVSS 7.8v9c8bd3fc1befe54f3efb9f385561eef49f060a702025-12-23
CVE-2025-14921 [HIGH] CWE-502 CVE-2025-14921: Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Executi Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o
nvd
Hugging Face Transformers vulnerabilities | cvebase