VYPR

Diffusers

by Huggingface

pypi: diffusers

Source repositories

CVEs (4)

  • CVE-2025-14922 · High · Dec 23, 2025
    risk 0.51 · cvss 7.8 · epss 0.00

    Hugging Face Diffusers CogView4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Diffusers. User interaction is required to exploit this…

  • CVE-2026-44827 · High · May 14, 2026
    risk 0.50 · cvss 8.8 · epss 0.01

    Diffusers is a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trust_remote_code=True safeguard when loading pipelines from Hugging Face Hub repositories. The _resolve_custom_pipeline_and_cls function in…

  • CVE-2026-44513 · High · May 14, 2026
    risk 0.50 · cvss 8.8 · epss 0.01

    Diffusers is a library for pretrained diffusion models. Prior to 0.38.0, a trust_remote_code bypass in DiffusionPipeline.from_pretrained allows arbitrary remote code execution despite the user passing trust_remote_code=False (or omitting it, which is the default). The…

  • CVE-2026-45804 · High · May 20, 2026
    risk 0.38 · cvss n/a · epss 0.00

    Background: This vulnerability is found in the `diffusers` package - the `transformers`-equivalent library for diffusion models. It is found in the `DiffusionPipeline.from_pretrained` flow, which is used to load a pipeline from the HuggingFace Hub. This function has a…