PyPI package
transformers
pkg:pypi/transformers
Vulnerabilities (20)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-1839 | Hig | 7.8 | < 5.0.0rc3 | 5.0.0rc3 | Apr 7, 2026 | A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at line 3059 calls `torch.load()` without the `weights_only=True` parameter. This iss | |
| CVE-2025-6921 | — | < 4.53.0 | 4.53.0 | Sep 23, 2025 | The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer. The vulnerability arises from the _do_use_weight_decay method, which processes user-controlled regular expressions in th | ||
| CVE-2025-6051 | — | < 4.53.0 | 4.53.0 | Sep 14, 2025 | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the `normalize_numbers()` method of the `EnglishNormalizer` class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4. | ||
| CVE-2025-6638 | — | < 4.53.0 | 4.53.0 | Sep 12, 2025 | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's `remove_language_code()` method. This vulnerability is present in version 4.52.4 and has been fixed in version 4.53.0 | ||
| CVE-2025-5197 | — | < 4.53.0 | 4.53.0 | Aug 6, 2025 | A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a reg | ||
| CVE-2025-3933 | — | < 4.52.1 | 4.52.1 | Jul 11, 2025 | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's `token2json()` method. This vulnerability affects versions 4.50.3 and earlier, and is fixed in version 4.52.1. The | ||
| CVE-2025-3777 | — | < 4.52.1 | 4.52.1 | Jul 7, 2025 | Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the `image_utils.py` file. The vulnerability arises from insecure URL validation using the `startswith()` method, which can be bypassed through URL username injection. Th | ||
| CVE-2025-3264 | — | < 4.51.0 | 4.51.0 | Jul 7, 2025 | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_imports()` function within `dynamic_module_utils.py`. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issu | ||
| CVE-2025-3263 | — | < 4.51.0 | 4.51.0 | Jul 7, 2025 | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_configuration_file()` function within the `transformers.configuration_utils` module. The affected version is 4.49.0, and the issue is res | ||
| CVE-2025-3262 | — | >= 4.49.0, < 4.51.0 | 4.51.0 | Jul 7, 2025 | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the `SETTING_RE` variable within the `transformers/comm | ||
| CVE-2025-2099 | — | < 4.50.0 | 4.50.0 | May 19, 2025 | A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains | ||
| CVE-2025-1194 | — | < 4.50.0 | 4.50.0 | Apr 29, 2025 | A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file `tokenization_gpt_neox_japanese.py` of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where | ||
| CVE-2024-12720 | — | < 4.48.0 | 4.48.0 | Mar 20, 2025 | A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single() function, where a regular expression processes speciall | ||
| CVE-2024-11394 | — | < 4.48.0 | 4.48.0 | Nov 22, 2024 | Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vu | ||
| CVE-2024-11393 | — | < 4.48.0 | 4.48.0 | Nov 22, 2024 | Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit t | ||
| CVE-2024-11392 | — | < 4.48.0 | 4.48.0 | Nov 22, 2024 | Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this v | ||
| CVE-2024-3568 | — | < 4.38.0 | 4.38.0 | Apr 10, 2024 | The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious seri | ||
| CVE-2023-7018 | — | < 4.36.0 | 4.36.0 | Dec 20, 2023 | Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. | ||
| CVE-2023-6730 | — | < 4.36.0 | 4.36.0 | Dec 19, 2023 | Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. | ||
| CVE-2023-2800 | — | < 4.30.0 | 4.30.0 | May 18, 2023 | Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0. |
- affected < 5.0.0rc3fixed 5.0.0rc3
A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at line 3059 calls `torch.load()` without the `weights_only=True` parameter. This iss
- CVE-2025-6921Sep 23, 2025affected < 4.53.0fixed 4.53.0
The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer. The vulnerability arises from the _do_use_weight_decay method, which processes user-controlled regular expressions in th
- CVE-2025-6051Sep 14, 2025affected < 4.53.0fixed 4.53.0
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the `normalize_numbers()` method of the `EnglishNormalizer` class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.
- CVE-2025-6638Sep 12, 2025affected < 4.53.0fixed 4.53.0
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's `remove_language_code()` method. This vulnerability is present in version 4.52.4 and has been fixed in version 4.53.0
- CVE-2025-5197Aug 6, 2025affected < 4.53.0fixed 4.53.0
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a reg
- CVE-2025-3933Jul 11, 2025affected < 4.52.1fixed 4.52.1
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's `token2json()` method. This vulnerability affects versions 4.50.3 and earlier, and is fixed in version 4.52.1. The
- CVE-2025-3777Jul 7, 2025affected < 4.52.1fixed 4.52.1
Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the `image_utils.py` file. The vulnerability arises from insecure URL validation using the `startswith()` method, which can be bypassed through URL username injection. Th
- CVE-2025-3264Jul 7, 2025affected < 4.51.0fixed 4.51.0
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_imports()` function within `dynamic_module_utils.py`. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issu
- CVE-2025-3263Jul 7, 2025affected < 4.51.0fixed 4.51.0
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_configuration_file()` function within the `transformers.configuration_utils` module. The affected version is 4.49.0, and the issue is res
- CVE-2025-3262Jul 7, 2025affected >= 4.49.0, < 4.51.0fixed 4.51.0
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the `SETTING_RE` variable within the `transformers/comm
- CVE-2025-2099May 19, 2025affected < 4.50.0fixed 4.50.0
A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains
- CVE-2025-1194Apr 29, 2025affected < 4.50.0fixed 4.50.0
A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file `tokenization_gpt_neox_japanese.py` of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where
- CVE-2024-12720Mar 20, 2025affected < 4.48.0fixed 4.48.0
A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single() function, where a regular expression processes speciall
- CVE-2024-11394Nov 22, 2024affected < 4.48.0fixed 4.48.0
Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vu
- CVE-2024-11393Nov 22, 2024affected < 4.48.0fixed 4.48.0
Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit t
- CVE-2024-11392Nov 22, 2024affected < 4.48.0fixed 4.48.0
Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this v
- CVE-2024-3568Apr 10, 2024affected < 4.38.0fixed 4.38.0
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious seri
- CVE-2023-7018Dec 20, 2023affected < 4.36.0fixed 4.36.0
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.
- CVE-2023-6730Dec 19, 2023affected < 4.36.0fixed 4.36.0
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.
- CVE-2023-2800May 18, 2023affected < 4.30.0fixed 4.30.0
Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0.