Search for packages
| purl | pkg:pypi/transformers@4.3.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3b57-p71g-tkhn
Aliases: CVE-2024-3568 GHSA-37q5-v5qm-c9v8 |
Transformers Deserialization of Untrusted Data vulnerability The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine. |
Affected by 15 other vulnerabilities. |
|
VCID-3gc6-hf7m-qbfn
Aliases: CVE-2025-6638 GHSA-59p9-h35m-wg4g |
transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
Affected by 1 other vulnerability. |
|
VCID-46y8-cawt-g7br
Aliases: CVE-2025-6921 GHSA-4w7r-h757-3r74 |
Hugging Face Transformers vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer. The vulnerability arises from the _do_use_weight_decay method, which processes user-controlled regular expressions in the include_in_weight_decay and exclude_from_weight_decay lists. Malicious regular expressions can cause catastrophic backtracking during the re.search call, leading to 100% CPU utilization and a denial of service. This issue can be exploited by attackers who can control the patterns in these lists, potentially causing the machine learning task to hang and rendering services unresponsive. |
Affected by 1 other vulnerability. |
|
VCID-4p99-5cwj-8fbn
Aliases: CVE-2025-3777 GHSA-phhr-52qp-3mj4 |
Transformers's Improper Input Validation vulnerability can be exploited through username injection Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the `image_utils.py` file. The vulnerability arises from insecure URL validation using the `startswith()` method, which can be bypassed through URL username injection. This allows attackers to craft URLs that appear to be from YouTube but resolve to malicious domains, potentially leading to phishing attacks, malware distribution, or data exfiltration. The issue is fixed in version 4.52.1. |
Affected by 5 other vulnerabilities. |
|
VCID-6jzg-ptkc-zfge
Aliases: CVE-2024-11394 GHSA-hxxf-235m-72v3 PYSEC-2024-229 |
Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25012. |
Affected by 11 other vulnerabilities. |
|
VCID-6p4h-2f1g-9qh2
Aliases: CVE-2025-3263 GHSA-q2wp-rjmx-x6x9 |
Transformers's ReDoS vulnerability in get_configuration_file can lead to catastrophic backtracking A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_configuration_file()` function within the `transformers.configuration_utils` module. The affected version is 4.49.0, and the issue is resolved in version 4.51.0. The vulnerability arises from the use of a regular expression pattern `config\.(.*)\.json` that can be exploited to cause excessive CPU consumption through crafted input strings, leading to catastrophic backtracking. This can result in model serving disruption, resource exhaustion, and increased latency in applications using the library. |
Affected by 7 other vulnerabilities. |
|
VCID-6wnz-1qbk-x3av
Aliases: CVE-2023-7018 GHSA-v68g-wm8c-6x7j PYSEC-2023-301 |
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. |
Affected by 16 other vulnerabilities. |
|
VCID-7chd-q1tt-7fck
Aliases: CVE-2025-2099 GHSA-qq3j-4f4f-9583 PYSEC-2025-40 |
A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large number of newline characters. An attacker can exploit this by providing a specially crafted payload, causing high CPU usage and potential application downtime, effectively resulting in a Denial of Service (DoS) scenario. |
Affected by 12 other vulnerabilities. Affected by 10 other vulnerabilities. |
|
VCID-8rrr-pemt-jkaf
Aliases: CVE-2025-1194 GHSA-fpwr-67px-3qhx |
Transformers Regular Expression Denial of Service (ReDoS) vulnerability A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file `tokenization_gpt_neox_japanese.py` of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions process specially crafted inputs. The issue stems from a regex exhibiting exponential complexity under certain conditions, leading to excessive backtracking. This can result in high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.48.1 (latest). |
Affected by 10 other vulnerabilities. |
|
VCID-aqqd-thbn-byaf
Aliases: CVE-2026-1839 GHSA-69w3-r845-3855 |
transformers: HuggingFace Transformers: Arbitrary code execution via malicious checkpoint file |
Affected by 0 other vulnerabilities. |
|
VCID-aud4-pr4h-r3er
Aliases: CVE-2024-11392 GHSA-qxrp-vhvm-j765 PYSEC-2024-227 |
Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of configuration files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-24322. |
Affected by 11 other vulnerabilities. |
|
VCID-k9e8-tqj2-gqbd
Aliases: CVE-2024-12720 GHSA-6rvg-6v2m-4j46 |
Transformers Regular Expression Denial of Service (ReDoS) vulnerability A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single() function, where a regular expression processes specially crafted input. The issue stems from the regex exhibiting exponential time complexity under certain conditions, leading to excessive backtracking. This can result in significantly high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.46.3. |
Affected by 11 other vulnerabilities. |
|
VCID-mj4x-79x9-83ax
Aliases: CVE-2024-11393 GHSA-wrfc-pvp9-mr9g PYSEC-2024-228 |
Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25191. |
Affected by 11 other vulnerabilities. |
|
VCID-pn57-nb2x-n7gw
Aliases: CVE-2025-3933 GHSA-37mw-44qp-f5jm |
Transformers is vulnerable to ReDoS attack through its DonutProcessor class A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's `token2json()` method. This vulnerability affects versions 4.51.3 and earlier, and is fixed in version 4.52.1. The issue arises from the regex pattern `<s_(.*?)>` which can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. This vulnerability can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting document processing tasks using the Donut model. |
Affected by 5 other vulnerabilities. |
|
VCID-qyfa-xf7d-n3gt
Aliases: CVE-2025-3264 GHSA-jjph-296x-mrcr |
Transformers vulnerable to ReDoS attack through its get_imports() function A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_imports()` function within `dynamic_module_utils.py`. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular expression pattern `\s*try\s*:.*?except.*?:` used to filter out try/except blocks from Python code, which can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. This vulnerability can lead to remote code loading disruption, resource exhaustion in model serving, supply chain attack vectors, and development pipeline disruption. |
Affected by 7 other vulnerabilities. |
|
VCID-re51-pz3b-xbc5
Aliases: CVE-2023-6730 GHSA-3863-2447-669p PYSEC-2023-300 |
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. |
Affected by 16 other vulnerabilities. |
|
VCID-s9jb-vbrz-2qa5
Aliases: CVE-2025-6051 GHSA-rcv9-qm8p-9p6j |
transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
Affected by 1 other vulnerability. |
|
VCID-smqc-ecxk-eqe6
Aliases: CVE-2023-2800 GHSA-282v-666c-3fvg PYSEC-2023-299 |
Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0. |
Affected by 18 other vulnerabilities. |
|
VCID-w57w-5mrk-cqbr
Aliases: CVE-2025-5197 GHSA-9356-575x-2w9m |
Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern `/[^/]*___([^/]*)/` that can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. The vulnerability affects versions up to 4.51.3 and is fixed in version 4.53.0. This issue can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting model conversion processes between TensorFlow and PyTorch formats. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||