Hugging Face Transformers vulnerabilities
11 known vulnerabilities affecting hugging_face/transformers.
Total CVEs: 11
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 11
Vulnerabilities
CVE-2024-11392 | P2 | HIGH | CVSS 8.8 | CWE-502 | PoC | v940fde8dafaecb8f17b588c5078291f1c1a420c8 | 2024-11-22
Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mal
Source: NVD
CVE-2024-11393 | P3 | HIGH | CVSS 8.8 | CWE-502 | v8820fe8b8c4b9da94cf1e4761876f85c562e0efe | 2024-11-22
Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open
Source: NVD
CVE-2024-11394 | P3 | HIGH | CVSS 8.8 | CWE-502 | v026a173a64372e9602a16523b8fae9de4b0ff428 | 2024-11-22
Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali
Source: NVD
CVE-2025-14928 | P3 | HIGH | CVSS 7.8 | CWE-94 | v4.57.0 | 2025-12-23
Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must convert a malicious checkpoint.
The specific f
Source: NVD
CVE-2025-14927 | P3 | HIGH | CVSS 7.8 | CWE-94 | v4.57.0 | 2025-12-23
Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must convert a malicious checkpoint.
The specific f
Source: NVD
CVE-2025-14926 | P3 | HIGH | CVSS 7.8 | CWE-94 | v4.57.0 | 2025-12-23
Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must convert a malicious checkpoint.
The specific fla
Source: NVD
CVE-2025-14929 | P3 | HIGH | CVSS 7.8 | CWE-502 | vd1c6310d6a02481d48d81607cba7840be04580d1 | 2025-12-23
Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious p
Source: NVD
CVE-2025-14930 | P3 | HIGH | CVSS 7.8 | CWE-502 | v4.57.1 | 2025-12-23
Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious
Source: NVD
CVE-2025-14924 | P3 | HIGH | CVSS 7.8 | CWE-502 | v95faabf0a6cd845f4c5548697e288a79e424b096 | 2025-12-23
Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m
Source: NVD
CVE-2025-14920 | P3 | HIGH | CVSS 7.8 | CWE-502 | v9c8bd3fc1befe54f3efb9f385561eef49f060a70 | 2025-12-23
Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a
Source: NVD
CVE-2025-14921 | P3 | HIGH | CVSS 7.8 | CWE-502 | v9c8bd3fc1befe54f3efb9f385561eef49f060a70 | 2025-12-23
Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o
Source: NVD