Huggingface Transformers vulnerabilities
19 known vulnerabilities affecting huggingface/huggingface_transformers.
Total CVEs
19
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH9MEDIUM7LOW1
Vulnerabilities
Page 1 of 1
CVE-2026-5241P2CRITICALCVSS 9.6≥ unspecified, < 5.5.02026-06-03
CVE-2026-5241 [CRITICAL] CWE-829 CVE-2026-5241: A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows
A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the `trust_remote_code` parameter, intended to prevent remote code execution, is overridden by untrusted serialized configuration
nvd
CVE-2024-3568P2CRITICALCVSS 9.6≥ unspecified, < 4.382024-04-10
CVE-2024-3568 [CRITICAL] CWE-502 CVE-2024-3568: The huggingface/transformers library is vulnerable to arbitrary code execution through deserializati
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from pote
nvd
CVE-2023-6730P3HIGHCVSS 8.8≥ unspecified, < 4.362023-12-19
CVE-2023-6730 [HIGH] CWE-502 CVE-2023-6730: Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.
nvd
CVE-2026-4372P3HIGHCVSS 7.8≥ unspecified, < 5.3.02026-05-24
CVE-2026-4372 [HIGH] CWE-1066 CVE-2026-4372: A critical remote code execution vulnerability exists in all versions of the HuggingFace transformer
A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious `config.json` file containing the `_attn_implementation_internal` field set to an attacker-controlled HuggingFace Hub repository ID. When a victim loads this mode
cvelistv5nvd
CVE-2026-1839P3HIGHCVSS 7.8≥ unspecified, < v5.0.0rc32026-04-07
CVE-2026-1839 [HIGH] CWE-502 CVE-2026-1839: A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows
A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at line 3059 calls `torch.load()` without the `weights_only=True` parameter. This issue affects all versions of the library supporting `torch>=2.2` when used wi
nvd
CVE-2025-6921P3HIGHCVSS 7.5≥ unspecified, < 4.53.02025-09-23
CVE-2025-6921 [HIGH] CWE-400 CVE-2025-6921: The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression
The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer. The vulnerability arises from the _do_use_weight_decay method, which processes user-controlled regular expressions in the include_in_weight_decay and exclude_from_weight_decay lists. Malicious reg
nvd
CVE-2024-12720P3HIGHCVSS 7.5≥ unspecified, < 4.48.02025-03-20
CVE-2024-12720 [HIGH] CWE-1333 CVE-2024-12720: A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/trans
A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single() function, where a regular expression processes specially crafted input. The issue stems from the regex exhibiting exponential t
nvd
CVE-2025-2099P3HIGHCVSS 7.5≥ unspecified, < 4.50.02025-05-19
CVE-2025-2099 [HIGH] CWE-1333 CVE-2025-2099: A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in
A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing in
nvd
CVE-2025-6638P3HIGHCVSS 7.5≥ unspecified, < 4.53.02025-09-12
CVE-2025-6638 [HIGH] CWE-1333 CVE-2025-6638: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Tran
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's `remove_language_code()` method. This vulnerability is present in version 4.52.4 and has been fixed in version 4.53.0. The issue arises from inefficient regex processing, which can be exploit
nvd
CVE-2025-3262P3HIGHCVSS 7.5≥ unspecified, < 4.51.02025-07-07
CVE-2025-3262 [HIGH] CWE-1333 CVE-2025-3262: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/trans
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the `SETTING_RE` variable within the `transformers/commands/chat.py` file. The regex contains repetition groups and non-optimized
nvd
CVE-2023-7018P3HIGHCVSS 7.8≥ unspecified, < 4.362023-12-20
CVE-2023-7018 [HIGH] CWE-502 CVE-2023-7018: Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.
nvd
CVE-2025-1194P4MEDIUMCVSS 6.5≥ unspecified, < 4.50.02025-04-29
CVE-2025-1194 [MEDIUM] CWE-1333 CVE-2025-1194: A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/trans
A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file `tokenization_gpt_neox_japanese.py` of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions process specially crafted inputs. The issue stems fr
nvd
CVE-2025-6051P4MEDIUMCVSS 5.3≥ unspecified, < 4.53.02025-09-14
CVE-2025-6051 [MEDIUM] CWE-1333 CVE-2025-6051: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Tran
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the `normalize_numbers()` method of the `EnglishNormalizer` class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises from the method's handling of numeric strings, wh
nvd
CVE-2025-5197P4MEDIUMCVSS 5.3≥ unspecified, < 4.53.02025-08-06
CVE-2025-5197 [MEDIUM] CWE-1333 CVE-2025-5197: A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern `/[^/]*___([^/]*)/` that can be exploited to cause excessive
nvd
CVE-2025-3933P4MEDIUMCVSS 5.3≥ unspecified, < 4.52.12025-07-11
CVE-2025-3933 [MEDIUM] CWE-1333 CVE-2025-3933: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Tran
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's `token2json()` method. This vulnerability affects versions 4.50.3 and earlier, and is fixed in version 4.52.1. The issue arises from the regex pattern `` which can be exploited to cause e
nvd
CVE-2025-3263P4MEDIUMCVSS 5.3≥ unspecified, < 4.51.02025-07-07
CVE-2025-3263 [MEDIUM] CWE-1333 CVE-2025-3263: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Tran
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_configuration_file()` function within the `transformers.configuration_utils` module. The affected version is 4.49.0, and the issue is resolved in version 4.51.0. The vulnerability arises from the use of a regu
nvd
CVE-2025-3264P4MEDIUMCVSS 5.3≥ unspecified, < 4.51.02025-07-07
CVE-2025-3264 [MEDIUM] CWE-1333 CVE-2025-3264: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Tran
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_imports()` function within `dynamic_module_utils.py`. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular expression pattern `\s*try\s*:.*?except.*?:` use
nvd
CVE-2023-2800P4MEDIUMCVSS 4.7≥ unspecified, < 4.30.02023-05-18
CVE-2023-2800 [MEDIUM] CWE-377 CVE-2023-2800: Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0.
Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0.
nvd
CVE-2025-3777P4LOWCVSS 3.5≥ unspecified, < 4.52.12025-07-07
CVE-2025-3777 [LOW] CWE-20 CVE-2025-3777: Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnera
Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the `image_utils.py` file. The vulnerability arises from insecure URL validation using the `startswith()` method, which can be bypassed through URL username injection. This allows attackers to craft URLs that appear to be from YouTube but resolve
nvd