VYPR

Transformers

by Huggingface

pypi: transformers

Source repositories

CVEs (14)

  • CVE-2026-5241CriJun 3, 2026
    risk 0.55cvss 9.6epss 0.00

    A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the `trust_remote_code` parameter, intended to prevent…

  • CVE-2026-4372HigMay 24, 2026
    risk 0.44cvss 7.8epss 0.00

    A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious `config.json` file containing the `_attn_implementation_internal` field set to an…

  • CVE-2026-1839HigApr 7, 2026
    risk 0.44cvss 7.8epss 0.00

    A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at line 3059 calls `torch.load()` without the `weights_only=True` parameter. This…

  • CVE-2024-11392Nov 22, 2024
    risk 0.01cvss epss 0.07

    Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this…

  • CVE-2025-14930Dec 23, 2025
    risk 0.00cvss epss 0.00

    Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this…

  • CVE-2025-14928Dec 23, 2025
    risk 0.00cvss epss 0.00

    Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this…

  • CVE-2025-14924Dec 23, 2025
    risk 0.00cvss epss 0.00

    Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit…

  • CVE-2025-14920Dec 23, 2025
    risk 0.00cvss epss 0.00

    Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit…

  • CVE-2025-14926Dec 23, 2025
    risk 0.00cvss epss 0.00

    Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this…

  • CVE-2025-14927Dec 23, 2025
    risk 0.00cvss epss 0.00

    Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this…

  • CVE-2025-14921Dec 23, 2025
    risk 0.00cvss epss 0.00

    Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to…

  • CVE-2025-14929Dec 23, 2025
    risk 0.00cvss epss 0.00

    Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required…

  • CVE-2024-11394Nov 22, 2024
    risk 0.00cvss epss 0.02

    Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this…

  • CVE-2024-11393Nov 22, 2024
    risk 0.00cvss epss 0.03

    Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit…