Medium severity4.7NVD Advisory· Published May 18, 2023· Updated Jun 17, 2026
CVE-2023-2800
CVE-2023-2800
Description
Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
transformersPyPI | < 4.30.0 | 4.30.0 |
Affected products
2- huggingface/huggingface/transformersv5Range: unspecified
Patches
Vulnerability mechanics
References
6- github.com/huggingface/transformers/commit/80ca92470938bbcc348e2d9cf4734c7c25cb1c43nvdPatchWEB
- huntr.dev/bounties/a3867b4e-6701-4418-8c20-3c6e7084a44anvdExploitPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-282v-666c-3fvgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-2800ghsaADVISORY
- github.com/huggingface/transformers/pull/23372ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2023-299.yamlghsaWEB
News mentions
0No linked articles in our index yet.