Huggingface Transformers vulnerabilities
30 known vulnerabilities affecting huggingface/transformers.
Total CVEs
30
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH20MEDIUM7LOW1
Vulnerabilities
Page 1 of 2
CVE-2024-11392P2HIGHCVSS 8.8PoCfixed in 4.48.02024-11-22
CVE-2024-11392 [HIGH] CWE-502 CVE-2024-11392: Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulner
Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mal
ghsanvdosv
CVE-2026-5241P2CRITICALCVSS 9.6v5.2.02026-06-03
CVE-2026-5241 [CRITICAL] CWE-829 CVE-2026-5241: A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows
A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the `trust_remote_code` parameter, intended to prevent remote code execution, is overridden by untrusted serialized configuration
nvd
CVE-2024-3568P2CRITICALCVSS 9.6fixed in 4.38.02024-04-10
CVE-2024-3568 [CRITICAL] CWE-502 CVE-2024-3568: The huggingface/transformers library is vulnerable to arbitrary code execution through deserializati
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from pote
ghsanvdosv
CVE-2024-11393P3HIGHCVSS 8.8fixed in 4.48.02024-11-22
CVE-2024-11393 [HIGH] CWE-502 CVE-2024-11393: Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution V
Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open
ghsanvdosv
CVE-2024-11394P3HIGHCVSS 8.8fixed in 4.48.02024-11-22
CVE-2024-11394 [HIGH] CWE-502 CVE-2024-11394: Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnera
Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali
ghsanvdosv
CVE-2023-6730P3HIGHCVSS 8.8fixed in 4.36.02023-12-19
CVE-2023-6730 [HIGH] CWE-502 CVE-2023-6730: Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.
ghsanvdosv
CVE-2025-14928P3HIGHCVSS 7.8v4.57.02025-12-23
CVE-2025-14928 [HIGH] CWE-94 CVE-2025-14928: Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability.
Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must convert a malicious checkpoint.
The specific f
nvd
CVE-2025-14927P3HIGHCVSS 7.8v4.57.02025-12-23
CVE-2025-14927 [HIGH] CWE-94 CVE-2025-14927: Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability. T
Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must convert a malicious checkpoint.
The specific f
nvd
CVE-2025-14926P3HIGHCVSS 7.8v4.57.02025-12-23
CVE-2025-14926 [HIGH] CWE-94 CVE-2025-14926: Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability. Thi
Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must convert a malicious checkpoint.
The specific fla
nvd
CVE-2025-14929P3HIGHCVSS 7.8v5.0.02025-12-23
CVE-2025-14929 [HIGH] CWE-502 CVE-2025-14929: Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code
Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious p
nvd
CVE-2025-14930P3HIGHCVSS 7.8v4.57.12025-12-23
CVE-2025-14930 [HIGH] CWE-502 CVE-2025-14930: Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability
Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious
nvd
CVE-2025-14924P3HIGHCVSS 7.8v4.55.02025-12-23
CVE-2025-14924 [HIGH] CWE-502 CVE-2025-14924: Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vuln
Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a m
nvd
CVE-2026-4372P3HIGHCVSS 7.8fixed in 5.3.02026-05-24
CVE-2026-4372 [HIGH] CWE-1066 CVE-2026-4372: A critical remote code execution vulnerability exists in all versions of the HuggingFace transformer
A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious `config.json` file containing the `_attn_implementation_internal` field set to an attacker-controlled HuggingFace Hub repository ID. When a victim loads this mode
nvd
CVE-2025-14920P3HIGHCVSS 7.8v4.54.12025-12-23
CVE-2025-14920 [HIGH] CWE-502 CVE-2025-14920: Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vu
Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a
nvd
CVE-2025-14921P3HIGHCVSS 7.8v4.54.12025-12-23
CVE-2025-14921 [HIGH] CWE-502 CVE-2025-14921: Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Executi
Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o
nvd
CVE-2026-1839P3HIGHCVSS 7.8fixed in 5.0.0v5.0.02026-04-07
CVE-2026-1839 [HIGH] CWE-502 CVE-2026-1839: A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows
A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at line 3059 calls `torch.load()` without the `weights_only=True` parameter. This issue affects all versions of the library supporting `torch>=2.2` when used wi
ghsanvdosv
CVE-2025-6921P3HIGHCVSS 7.5fixed in 4.53.02025-09-23
CVE-2025-6921 [HIGH] CWE-400 CVE-2025-6921: The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression
The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer. The vulnerability arises from the _do_use_weight_decay method, which processes user-controlled regular expressions in the include_in_weight_decay and exclude_from_weight_decay lists. Malicious reg
ghsanvdosv
CVE-2024-12720P3HIGHCVSS 7.5fixed in 4.48.02025-03-20
CVE-2024-12720 [HIGH] CWE-1333 CVE-2024-12720: A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/trans
A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single() function, where a regular expression processes specially crafted input. The issue stems from the regex exhibiting exponential t
ghsanvdosv
CVE-2025-2099P3HIGHCVSS 7.5≤ 4.48.32025-05-19
CVE-2025-2099 [HIGH] CWE-1333 CVE-2025-2099: A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in
A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing in
ghsanvdosv
CVE-2025-6638P3HIGHCVSS 7.5v4.52.42025-09-12
CVE-2025-6638 [HIGH] CWE-1333 CVE-2025-6638: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Tran
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's `remove_language_code()` method. This vulnerability is present in version 4.52.4 and has been fixed in version 4.53.0. The issue arises from inefficient regex processing, which can be exploit
ghsanvdosv
1 / 2Next →