High severity7.8NVD Advisory· Published Dec 20, 2023· Updated Jun 17, 2026
CVE-2023-7018
CVE-2023-7018
Description
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
transformersPyPI | < 4.36.0 | 4.36.0 |
Affected products
2- huggingface/huggingface/transformersv5Range: unspecified
Patches
Vulnerability mechanics
References
5- github.com/huggingface/transformers/commit/1d63b0ec361e7a38f1339385e8a5a855085532cenvdPatchWEB
- huntr.com/bounties/e1a3e548-e53a-48df-b708-9ee62140963cnvdExploitPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-v68g-wm8c-6x7jghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-7018ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2023-301.yamlghsaWEB
News mentions
0No linked articles in our index yet.