huggingface transformers

30 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-5241
all versions
A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model
9.6 CRITICAL
CVE-2026-4372
< 5.3.0
A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3
7.8 HIGH
CVE-2026-1839
< 5.0.0
A vulnerability in the HuggingFace Transformers library, specifically in the Trainer class, allows for arbitrary code execution.
7.8 HIGH
CVE-2025-14930
all versions
Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows re
7.8 HIGH
CVE-2025-14929
all versions
Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This
7.8 HIGH
CVE-2025-14928
all versions
Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remo
7.8 HIGH
CVE-2025-14927
all versions
Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remot
7.8 HIGH
CVE-2025-14926
all versions
Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote
7.8 HIGH
CVE-2025-14924
all versions
Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability
7.8 HIGH
CVE-2025-14921
all versions
Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnera
7.8 HIGH
CVE-2025-14920
all versions
Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerabilit
7.8 HIGH
CVE-2025-6921
< 4.53.0
The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in t
7.5 HIGH
CVE-2025-6051
all versions
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically
5.3 MEDIUM
CVE-2025-6638
all versions
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically
7.5 HIGH
CVE-2025-5197
< 4.53.0
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the
5.3 MEDIUM
CVE-2025-3933
< 4.52.1
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically
5.3 MEDIUM
CVE-2025-3777
< 4.52.1
Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the image_utils.py
3.5 LOW
CVE-2025-3264
>= 4.49.0 and < 4.51.0
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically
5.3 MEDIUM
CVE-2025-3263
>= 4.49.0 and < 4.51.0
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically
5.3 MEDIUM
CVE-2025-3262
< 4.51.0
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository, specifical
7.5 HIGH
CVE-2025-2099
<= 4.48.3
A vulnerability in the preprocess_string() function of the transformers.testing_utils module in huggingface/transformers versi
7.5 HIGH
CVE-2025-1194
< 4.50.0
A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically
6.5 MEDIUM
CVE-2024-12720
< 4.48.0
A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically
7.5 HIGH
CVE-2024-11394
< 4.48.0
Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability all
8.8 HIGH
CVE-2024-11393
< 4.48.0
Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerabili
8.8 HIGH
CVE-2024-11392
< 4.48.0
Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability al
8.8 HIGH
CVE-2024-3568
< 4.38.0
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within th
9.6 CRITICAL
CVE-2023-7018
< 4.36.0
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.
7.8 HIGH
CVE-2023-6730
< 4.36.0
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.
8.8 HIGH
CVE-2023-2800
< 4.30.0
Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0.
4.7 MEDIUM
threatengine.sh