VYPR

PyPI package

diffusers

pkg:pypi/diffusers

Vulnerabilities (2)

  • CVE-2026-44827HigMay 14, 2026
    affected < 0.38.0fixed 0.38.0

    Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trust_remote_code=True safeguard when loading pipelines from Hugging Face Hub repositories. The _resolve_custom_pipeline_and_cls function in pip

  • CVE-2026-44513HigMay 14, 2026
    affected < 0.38.0fixed 0.38.0

    Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trust_remote_code bypass in DiffusionPipeline.from_pretrained allows arbitrary remote code execution despite the user passing trust_remote_code=False (or omitting it, which is the default). The vulner