apk package
chainguard/py3.11-diffusers-cuda-12.9
pkg:apk/chainguard/py3.11-diffusers-cuda-12.9
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-45804 | hig | — | < 0.38.0-r0 | 0.38.0-r0 | May 20, 2026 | ## Background This vulnerability is found in the `diffusers` package - the `transformers`-equivalent library for diffusion models. It is found in the `DiffusionPipeline.from_pretrained` flow, which is used to load a pipeline from the HuggingFace Hub. This function has a `trust | |
| CVE-2026-44513 | Hig | 8.8 | < 0.38.0-r0 | 0.38.0-r0 | May 14, 2026 | Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trust_remote_code bypass in DiffusionPipeline.from_pretrained allows arbitrary remote code execution despite the user passing trust_remote_code=False (or omitting it, which is the default). The vulner |
- affected < 0.38.0-r0fixed 0.38.0-r0
## Background This vulnerability is found in the `diffusers` package - the `transformers`-equivalent library for diffusion models. It is found in the `DiffusionPipeline.from_pretrained` flow, which is used to load a pipeline from the HuggingFace Hub. This function has a `trust
- affected < 0.38.0-r0fixed 0.38.0-r0
Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trust_remote_code bypass in DiffusionPipeline.from_pretrained allows arbitrary remote code execution despite the user passing trust_remote_code=False (or omitting it, which is the default). The vulner