VulnerableCode Package Details - pkg:pypi/transformers@4.38.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-6jzg-ptkc-zfge Aliases: CVE-2024-11394 PYSEC-2024-229	Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25012.	4.48.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-7chd-q1tt-7fck Aliases: CVE-2025-2099 PYSEC-2025-40	A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large number of newline characters. An attacker can exploit this by providing a specially crafted payload, causing high CPU usage and potential application downtime, effectively resulting in a Denial of Service (DoS) scenario.	4.49.0 Affected by 0 other vulnerabilities.
VCID-aud4-pr4h-r3er Aliases: CVE-2024-11392 PYSEC-2024-227	Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of configuration files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-24322.	4.48.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-mj4x-79x9-83ax Aliases: CVE-2024-11393 PYSEC-2024-228	Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25191.	4.48.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-6jzg-ptkc-zfge
Aliases:
CVE-2024-11394
PYSEC-2024-229

Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25012.

4.48.0
Affected by 1 other vulnerability.

VCID-7chd-q1tt-7fck
Aliases:
CVE-2025-2099
PYSEC-2025-40

A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large number of newline characters. An attacker can exploit this by providing a specially crafted payload, causing high CPU usage and potential application downtime, effectively resulting in a Denial of Service (DoS) scenario.

4.49.0
Affected by 0 other vulnerabilities.

VCID-aud4-pr4h-r3er
Aliases:
CVE-2024-11392
PYSEC-2024-227

Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of configuration files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-24322.

4.48.0
Affected by 1 other vulnerability.

VCID-mj4x-79x9-83ax
Aliases:
CVE-2024-11393
PYSEC-2024-228

Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25191.

4.48.0
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-3b57-p71g-tkhn	Transformers Deserialization of Untrusted Data vulnerability The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine.	CVE-2024-3568 GHSA-37q5-v5qm-c9v8

Vulnerability

Summary

Aliases

VCID-3b57-p71g-tkhn

Transformers Deserialization of Untrusted Data vulnerability The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine.

CVE-2024-3568
GHSA-37q5-v5qm-c9v8

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:47:34.291400+00:00	GitLab Importer	Fixing	VCID-3b57-p71g-tkhn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/transformers/CVE-2024-3568.yml	38.6.0
2026-06-02T04:23:04.344832+00:00	Pypa Importer	Affected by	VCID-7chd-q1tt-7fck	https://github.com/pypa/advisory-database/blob/main/vulns/transformers/PYSEC-2025-40.yaml	38.6.0
2026-06-02T04:22:34.119099+00:00	Pypa Importer	Affected by	VCID-6jzg-ptkc-zfge	https://github.com/pypa/advisory-database/blob/main/vulns/transformers/PYSEC-2024-229.yaml	38.6.0
2026-06-02T04:22:33.448288+00:00	Pypa Importer	Affected by	VCID-mj4x-79x9-83ax	https://github.com/pypa/advisory-database/blob/main/vulns/transformers/PYSEC-2024-228.yaml	38.6.0
2026-06-02T04:22:32.731332+00:00	Pypa Importer	Affected by	VCID-aud4-pr4h-r3er	https://github.com/pypa/advisory-database/blob/main/vulns/transformers/PYSEC-2024-227.yaml	38.6.0