Huggingface/transformers
This hub aggregates every CVE we track for Huggingface/transformers, a product in the AI/ML space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 19
- Critical: 2
- High: 9
- In CISA KEV: 0
Severity distribution
- HIGH: 9
- MEDIUM: 7
- CRITICAL: 2
- LOW: 1
Monthly trend
Chart values in order, 2024-07 to 2026-06: 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 5, 1, 3, 0, 0, 0, 0, 0, 0, 1, 1, 1
Latest CVEs
The 15 most recently published vulnerabilities affecting Huggingface/transformers.
- CVE-2026-5241: Policy Bypass in LightGlue Nested Config Resolution in huggingface/transformers (score 9.6)
- CVE-2026-4372: Arbitrary Remote Code Execution via `_attn_implementation_internal` Config Injection in huggingface/transformers (score 7.8)
- CVE-2026-1839: Arbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading in huggingface/transformers (score 7.8)
- CVE-2025-6921: Regular Expression Denial of Service (ReDoS) in huggingface/transformers (score 7.5)
- CVE-2025-6051: Regular Expression Denial of Service (ReDoS) in huggingface/transformers (score 5.3)
- CVE-2025-6638: Regular Expression Denial of Service (ReDoS) in huggingface/transformers (score 7.5)
- CVE-2025-5197: Regular Expression Denial of Service (ReDoS) in huggingface/transformers (score 5.3)
- CVE-2025-3933: Regular Expression Denial of Service (ReDoS) in huggingface/transformers (score 5.3)
- CVE-2025-3777: Improper Input Validation in huggingface/transformers (score 3.5)
- CVE-2025-3264: Regular Expression Denial of Service (ReDoS) in huggingface/transformers (score 5.3)
- CVE-2025-3263: Regular Expression Denial of Service (ReDoS) in huggingface/transformers (score 5.3)
- CVE-2025-3262: Regular Expression Denial of Service (ReDoS) in huggingface/transformers (score 7.5)
- CVE-2025-2099: Regular Expression Denial of Service (ReDoS) in huggingface/transformers (score 7.5)
- CVE-2025-1194: Regular Expression Denial of Service (ReDoS) in huggingface/transformers (score 6.5)
- CVE-2024-12720: Regular Expression Denial of Service (ReDoS) in huggingface/transformers (score 7.5)
Product normalization is registry-driven with AI assist and human review.