Critical
High
Medium
Low
Secrets
Misconfig
| Severity | CVE ID | Package | Installed | Fixed In | Description |
|---|---|---|---|---|---|
| MEDIUM | CVE-2023-36464 | PyPDF2 | 3.0.1 | No fix | pypdf: Possible Infinite Loop when a comment isn't followed by a character |
| CRITICAL | CVE-2025-14009 | nltk | 3.9.2 | 3.9.3 | nltk: Zip Slip Vulnerability in nltk Leading to Code Execution |
| CRITICAL | CVE-2025-32434 | torch | 2.2.2 | 2.6.0 | PyTorch is a Python package that provides tensor computation with stro ... |
| MEDIUM | CVE-2025-3730 | torch | 2.2.2 | 2.8.0 | A vulnerability, which was classified as problematic, was found in PyT ... |
| HIGH | CVE-2024-11392 | transformers | 4.40.2 | 4.48.0 | transformers: Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Ex |
| HIGH | CVE-2024-11393 | transformers | 4.40.2 | 4.48.0 | transformers: Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Co |
| HIGH | CVE-2024-11394 | transformers | 4.40.2 | 4.48.0 | transformers: Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Exe |
| MEDIUM | CVE-2024-12720 | transformers | 4.40.2 | 4.48.0 | Transformers Regular Expression Denial of Service (ReDoS) vulnerability |
| MEDIUM | CVE-2025-1194 | transformers | 4.40.2 | 4.50.0 | Transformers Regular Expression Denial of Service (ReDoS) vulnerability |
| MEDIUM | CVE-2025-2099 | transformers | 4.40.2 | 4.50.0 | transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| MEDIUM | CVE-2025-3263 | transformers | 4.40.2 | 4.51.0 | transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| MEDIUM | CVE-2025-3264 | transformers | 4.40.2 | 4.51.0 | transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| MEDIUM | CVE-2025-3933 | transformers | 4.40.2 | 4.52.1 | transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| MEDIUM | CVE-2025-5197 | transformers | 4.40.2 | 4.53.0 | transformers: Transformers ReDoS Vulnerability |
| MEDIUM | CVE-2025-6051 | transformers | 4.40.2 | 4.53.0 | transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| MEDIUM | CVE-2025-6638 | transformers | 4.40.2 | 4.53.0 | transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| MEDIUM | CVE-2025-6921 | transformers | 4.40.2 | 4.53.0 | transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| Type | File | Line | Match |
|---|---|---|---|
| ✅ No secrets found | |||
| Severity | ID | Check | File | Message |
|---|---|---|---|---|
| HIGH | DS-0029 | 'apt-get' missing '--no-install-recommends' | Dockerfile | '--no-install-recommends' flag is missed: 'apt-get update && apt-get install -y libgl1 libgl |
{
"SchemaVersion": 2,
"Trivy": {
"Version": "0.69.0"
},
"ReportID": "019c9e93-1059-77a9-a46b-c96c65144bd5",
"CreatedAt": "2026-02-27T10:09:24.057506868Z",
"ArtifactID": "sha256:05b0e7718958242c500af936150a90b4fe6673024f3bd82ac15b04d8ceec10e6",
"ArtifactName": "/src",
"ArtifactType": "repository",
"Metadata": {
"RepoURL": "https://github.com/eizen-ai/eizen-agent-document-service.git",
"Branch": "ldev",
"Commit": "6443d909b611d587ce9f6c0abbc3ae660623df51",
"CommitMsg": "Update requirements.txt",
"Author": "Karthik <karthik.byroni@eizen.ai>",
"Committer": "GitHub <noreply@github.com>"
},
"Results": [
{
"Target": "requirements.txt",
"Class": "lang-pkgs",
"Type": "pip",
"Packages": [
{
"Name": "PyMuPDF",
"Identifier": {
"PURL": "pkg:pypi/pymupdf@1.27.1",
"UID": "7200ff5cfc2ed5ac"
},
"Version": "1.27.1",
"Locations": [
{
"StartLine": 5,
"EndLine": 5
}
],
"AnalyzedBy": "pip"
},
{
"Name": "PyPDF2",
"Identifier": {
"PURL": "pkg:pypi/pypdf2@3.0.1",
"UID": "77a9c84f57c85030"
},
"Version": "3.0.1",
"Locations": [
{
"StartLine": 16,
"EndLine": 16
}
],
"AnalyzedBy": "pip"
},
{
"Name": "aiofiles",
"Identifier": {
"PURL": "pkg:pypi/aiofiles@25.1.0",
"UID": "8f6b03c820b9cca"
},
"Version": "25.1.0",
"Locations": [
{
"StartLine": 12,
"EndLine": 12
}
],
"AnalyzedBy": "pip"
},
{
"Name": "aiohttp",
"Identifier": {
"PURL": "pkg:pypi/aiohttp@3.13.3",
"UID": "e86c4f7c686b26ad"
},
"Version": "3.13.3",
"Locations": [
{
"StartLine": 11,
"EndLine": 11
}
],
"AnalyzedBy": "pip"
},
{
"Name": "boto3",
"Identifier": {
"PURL": "pkg:pypi/boto3@1.40.30",
"UID": "7ae9fa8d1c2ca894"
},
"Version": "1.40.30",
"Locations": [
{
"StartLine": 13,
"EndLine": 13
}
],
"AnalyzedBy": "pip"
},
{
"Name": "fastapi",
"Identifier": {
"PURL": "pkg:pypi/fastapi@0.132.0",
"UID": "3d451fdb4bb58357"
},
"Version": "0.132.0",
"Locations": [
{
"StartLine": 1,
"EndLine": 1
}
],
"AnalyzedBy": "pip"
},
{
"Name": "google-generativeai",
"Identifier": {
"PURL": "pkg:pypi/google-generativeai@0.8.5",
"UID": "ab240fa3a8b00158"
},
"Version": "0.8.5",
"Locations": [
{
"StartLine": 8,
"EndLine": 8
}
],
"AnalyzedBy": "pip"
},
{
"Name": "loguru",
"Identifier": {
"PURL": "pkg:pypi/loguru@0.7.2",
"UID": "144ebf11a8411cbd"
},
"Version": "0.7.2",
"Locations": [
{
"StartLine": 23,
"EndLine": 23
}
],
"AnalyzedBy": "pip"
},
{
"Name": "motor",
"Identifier": {
"PURL": "pkg:pypi/motor@3.7.1",
"UID": "d76622a0225cf758"
},
"Version": "3.7.1",
"Locations": [
{
"StartLine": 10,
"EndLine": 10
}
],
"AnalyzedBy": "pip"
},
{
"Name": "nltk",
"Identifier": {
"PURL": "pkg:pypi/nltk@3.9.2",
"UID": "f2f8e45579df7fb1"
},
"Version": "3.9.2",
"Locations": [
{
"StartLine": 19,
"EndLine": 19
}
],
"AnalyzedBy": "pip"
},
{
"Name": "numpy",
"Identifier": {
"PURL": "pkg:pypi/numpy@1.26.4",
"UID": "b0ef90a5a5de832f"
},
"Version": "1.26.4",
"Locations": [
{
"StartLine": 15,
"EndLine": 15
}
],
"AnalyzedBy": "pip"
},
{
"Name": "opencv-python",
"Identifier": {
"PURL": "pkg:pypi/opencv-python@4.11.0.86",
"UID": "857dabb679808042"
},
"Version": "4.11.0.86",
"Locations": [
{
"StartLine": 7,
"EndLine": 7
}
],
"AnalyzedBy": "pip"
},
{
"Name": "paddleocr",
"Identifier": {
"PURL": "pkg:pypi/paddleocr@2.9.1",
"UID": "f0046dbdb32fc170"
},
"Version": "2.9.1",
"Locations": [
{
"StartLine": 20,
"EndLine": 20
}
],
"AnalyzedBy": "pip"
},
{
"Name": "paddlepaddle",
"Identifier": {
"PURL": "pkg:pypi/paddlepaddle@2.6.2",
"UID": "6a24581bc645fd41"
},
"Version": "2.6.2",
"Locations": [
{
"StartLine": 21,
"EndLine": 21
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pillow",
"Identifier": {
"PURL": "pkg:pypi/pillow@12.1.1",
"UID": "954093f89f703c76"
},
"Version": "12.1.1",
"Locations": [
{
"StartLine": 6,
"EndLine": 6
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pydantic",
"Identifier": {
"PURL": "pkg:pypi/pydantic@2.12.5",
"UID": "3060d29a29f4c921"
},
"Version": "2.12.5",
"Locations": [
{
"StartLine": 3,
"EndLine": 3
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pymongo",
"Identifier": {
"PURL": "pkg:pypi/pymongo@4.16.0",
"UID": "ec2f125e07998640"
},
"Version": "4.16.0",
"Locations": [
{
"StartLine": 9,
"EndLine": 9
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pytesseract",
"Identifier": {
"PURL": "pkg:pypi/pytesseract@0.3.13",
"UID": "16bf0a0d2e0ed730"
},
"Version": "0.3.13",
"Locations": [
{
"StartLine": 22,
"EndLine": 22
}
],
"AnalyzedBy": "pip"
},
{
"Name": "python-dotenv",
"Identifier": {
"PURL": "pkg:pypi/python-dotenv@1.2.1",
"UID": "e5887929dda70be4"
},
"Version": "1.2.1",
"Locations": [
{
"StartLine": 4,
"EndLine": 4
}
],
"AnalyzedBy": "pip"
},
{
"Name": "requests",
"Identifier": {
"PURL": "pkg:pypi/requests@2.32.5",
"UID": "121e89a27a8c6af3"
},
"Version": "2.32.5",
"Locations": [
{
"StartLine": 14,
"EndLine": 14
}
],
"AnalyzedBy": "pip"
},
{
"Name": "torch",
"Identifier": {
"PURL": "pkg:pypi/torch@2.2.2",
"UID": "60af271f416c8cf3"
},
"Version": "2.2.2",
"Locations": [
{
"StartLine": 18,
"EndLine": 18
}
],
"AnalyzedBy": "pip"
},
{
"Name": "transformers",
"Identifier": {
"PURL": "pkg:pypi/transformers@4.40.2",
"UID": "27aac2de600fe28"
},
"Version": "4.40.2",
"Locations": [
{
"StartLine": 17,
"EndLine": 17
}
],
"AnalyzedBy": "pip"
},
{
"Name": "uvicorn",
"Identifier": {
"PURL": "pkg:pypi/uvicorn@0.41.0",
"UID": "7d5971c6ae2d565d"
},
"Version": "0.41.0",
"Locations": [
{
"StartLine": 2,
"EndLine": 2
}
],
"AnalyzedBy": "pip"
}
],
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2023-36464",
"VendorIDs": [
"GHSA-4vvm-4w3v-6mr8"
],
"PkgName": "PyPDF2",
"PkgIdentifier": {
"PURL": "pkg:pypi/pypdf2@3.0.1",
"UID": "77a9c84f57c85030"
},
"InstalledVersion": "3.0.1",
"Status": "affected",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-36464",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Fingerprint": "sha256:3901d2ac492e2b631f09e81652edd56fe695518b8d4814d2daf7c278ccd892c1",
"Title": "pypdf: Possible Infinite Loop when a comment isn't followed by a character",
"Description": "pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request #969 and resolved in pull request #1828. Users are advised to upgrade. Users unable to upgrade may modify the line `while peek not in (b\"\\r\", b\"\\n\")` in `pypdf/generic/_data_structures.py` to `while peek not in (b\"\\r\", b\"\\n\", b\"\")`.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-835"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 6.2
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 6.2
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2023-36464",
"https://github.com/py-pdf/pypdf",
"https://github.com/py-pdf/pypdf/commit/b0e5c689df689ab173df84dacd77b6fc3c161932",
"https://github.com/py-pdf/pypdf/pull/1828",
"https://github.com/py-pdf/pypdf/pull/969",
"https://github.com/py-pdf/pypdf/releases/tag/3.9.0",
"https://github.com/py-pdf/pypdf/security/advisories/GHSA-4vvm-4w3v-6mr8",
"https://nvd.nist.gov/vuln/detail/CVE-2023-36464",
"https://www.cve.org/CVERecord?id=CVE-2023-36464"
],
"PublishedDate": "2023-06-27T22:15:11.79Z",
"LastModifiedDate": "2024-11-21T08:09:45.95Z"
},
{
"VulnerabilityID": "CVE-2025-14009",
"VendorIDs": [
"GHSA-7p94-766c-hgjp"
],
"PkgName": "nltk",
"PkgIdentifier": {
"PURL": "pkg:pypi/nltk@3.9.2",
"UID": "f2f8e45579df7fb1"
},
"InstalledVersion": "3.9.2",
"FixedVersion": "3.9.3",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-14009",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Fingerprint": "sha256:56927217e1e1f2ec00767e8c389dfa05a1e33586bbb7e5f5ba9f0717a00a093a",
"Title": "nltk: Zip Slip Vulnerability in nltk Leading to Code Execution",
"Description": "A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py uses zipfile.extractall() without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when downloaded and extracted by NLTK, can execute arbitrary code. The vulnerability arises because NLTK assumes all downloaded packages are trusted and extracts them without validation. If a malicious package contains Python files, such as __init__.py, these files are executed automatically upon import, leading to remote code execution. This issue can result in full system compromise, including file system access, network access, and potential persistence mechanisms.",
"Severity": "CRITICAL",
"CweIDs": [
"CWE-94"
],
"VendorSeverity": {
"ghsa": 4,
"redhat": 3
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"V3Score": 10
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 8.8
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-14009",
"https://github.com/nltk/nltk",
"https://github.com/nltk/nltk/blob/4154eb85e832f266660a09286c7e37e308292284/ChangeLog#L1",
"https://github.com/nltk/nltk/commit/1056b323af6462455571302e766b67cf300aea18",
"https://github.com/nltk/nltk/pull/3468",
"https://huntr.com/bounties/49ecbc02-054e-4470-b2e0-b267936cc4e4",
"https://nvd.nist.gov/vuln/detail/CVE-2025-14009",
"https://www.cve.org/CVERecord?id=CVE-2025-14009"
],
"PublishedDate": "2026-02-18T18:24:19.41Z",
"LastModifiedDate": "2026-02-19T15:53:02.85Z"
},
{
"VulnerabilityID": "CVE-2025-32434",
"VendorIDs": [
"GHSA-53q9-r3pm-6pq6"
],
"PkgName": "torch",
"PkgIdentifier": {
"PURL": "pkg:pypi/torch@2.2.2",
"UID": "60af271f416c8cf3"
},
"InstalledVersion": "2.2.2",
"FixedVersion": "2.6.0",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-32434",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Fingerprint": "sha256:66b8227b43e82726c707d13e329db6e5723c894ffe673389e3339d8e7cd19c77",
"Title": "PyTorch is a Python package that provides tensor computation with stro ...",
"Description": "PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.",
"Severity": "CRITICAL",
"CweIDs": [
"CWE-502"
],
"VendorSeverity": {
"azure": 4,
"bitnami": 4,
"cbl-mariner": 4,
"ghsa": 4,
"nvd": 4
},
"CVSS": {
"bitnami": {
"V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"V40Score": 9.3
},
"ghsa": {
"V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"V40Score": 9.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 9.8
}
},
"References": [
"https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-41.yaml",
"https://github.com/pytorch/pytorch",
"https://github.com/pytorch/pytorch/commit/8d4b8a920a2172523deb95bf20e8e52d50649c04",
"https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6",
"https://lists.debian.org/debian-lts-announce/2025/12/msg00000.html",
"https://nvd.nist.gov/vuln/detail/CVE-2025-32434"
],
"PublishedDate": "2025-04-18T16:15:23.183Z",
"LastModifiedDate": "2025-12-01T07:16:01.807Z"
},
{
"VulnerabilityID": "CVE-2025-3730",
"VendorIDs": [
"GHSA-887c-mr87-cxwp"
],
"PkgName": "torch",
"PkgIdentifier": {
"PURL": "pkg:pypi/torch@2.2.2",
"UID": "60af271f416c8cf3"
},
"InstalledVersion": "2.2.2",
"FixedVersion": "2.8.0",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3730",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Fingerprint": "sha256:8dc94321dff1d822abe4dd094b119e6e937377a9149e3c30922543cb215997cd",
"Title": "A vulnerability, which was classified as problematic, was found in PyT ...",
"Description": "A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue. The security policy of the project warns to use unknown models which might establish malicious effects.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-404"
],
"VendorSeverity": {
"azure": 2,
"bitnami": 2,
"cbl-mariner": 2,
"ghsa": 2,
"nvd": 2
},
"CVSS": {
"bitnami": {
"V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"V40Score": 4.8
},
"ghsa": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"V3Score": 3.3,
"V40Score": 4.8
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://github.com/pytorch/pytorch",
"https://github.com/pytorch/pytorch/commit/01f226bfb8f2c343f5c614a6bbf685d91160f3af",
"https://github.com/pytorch/pytorch/issues/150835",
"https://github.com/pytorch/pytorch/issues/150835#issue-2979082232",
"https://github.com/pytorch/pytorch/pull/150981",
"https://github.com/timocafe/tewart-pytorch/commit/46fc5d8e360127361211cb237d5f9eef0223e567",
"https://nvd.nist.gov/vuln/detail/CVE-2025-3730",
"https://vuldb.com/?ctiid.305076",
"https://vuldb.com/?id.305076",
"https://vuldb.com/?submit.553645"
],
"PublishedDate": "2025-04-16T21:15:48.7Z",
"LastModifiedDate": "2025-05-28T17:35:54.08Z"
},
{
"VulnerabilityID": "CVE-2024-11392",
"VendorIDs": [
"GHSA-qxrp-vhvm-j765"
],
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.40.2",
"UID": "27aac2de600fe28"
},
"InstalledVersion": "4.40.2",
"FixedVersion": "4.48.0",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-11392",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Fingerprint": "sha256:1d93894feb6df10f8059525ce17298999bb6de7b17f9c8c7bc088a9dd4099b82",
"Title": "transformers: Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability",
"Description": "Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of configuration files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-24322.",
"Severity": "HIGH",
"CweIDs": [
"CWE-502"
],
"VendorSeverity": {
"ghsa": 3,
"nvd": 3,
"redhat": 3
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 7.5
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 8.8
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-11392",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/issues/34840",
"https://github.com/huggingface/transformers/pull/35296",
"https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2024-227.yaml",
"https://nvd.nist.gov/vuln/detail/CVE-2024-11392",
"https://www.cve.org/CVERecord?id=CVE-2024-11392",
"https://www.zerodayinitiative.com/advisories/ZDI-24-1513",
"https://www.zerodayinitiative.com/advisories/ZDI-24-1513/"
],
"PublishedDate": "2024-11-22T22:15:06.97Z",
"LastModifiedDate": "2025-02-10T22:18:55.153Z"
},
{
"VulnerabilityID": "CVE-2024-11393",
"VendorIDs": [
"GHSA-wrfc-pvp9-mr9g"
],
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.40.2",
"UID": "27aac2de600fe28"
},
"InstalledVersion": "4.40.2",
"FixedVersion": "4.48.0",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-11393",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Fingerprint": "sha256:0c6ed401c3140f9a53feebb8e376c5108785973c2565a43857ec692d84b9b204",
"Title": "transformers: Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability",
"Description": "Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25191.",
"Severity": "HIGH",
"CweIDs": [
"CWE-502"
],
"VendorSeverity": {
"ghsa": 3,
"nvd": 3,
"redhat": 3
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 8.8
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 8.8
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 8.8
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-11393",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/issues/34840",
"https://github.com/huggingface/transformers/pull/35296",
"https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2024-228.yaml",
"https://nvd.nist.gov/vuln/detail/CVE-2024-11393",
"https://www.cve.org/CVERecord?id=CVE-2024-11393",
"https://www.zerodayinitiative.com/advisories/ZDI-24-1514",
"https://www.zerodayinitiative.com/advisories/ZDI-24-1514/"
],
"PublishedDate": "2024-11-22T22:15:07.1Z",
"LastModifiedDate": "2025-02-10T22:18:52.253Z"
},
{
"VulnerabilityID": "CVE-2024-11394",
"VendorIDs": [
"GHSA-hxxf-235m-72v3"
],
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.40.2",
"UID": "27aac2de600fe28"
},
"InstalledVersion": "4.40.2",
"FixedVersion": "4.48.0",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-11394",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Fingerprint": "sha256:7643d9516f46e9d7f4350a0cf6f9056517c76f4570c7c661ff360a5b55464dd3",
"Title": "transformers: Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability",
"Description": "Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25012.",
"Severity": "HIGH",
"CweIDs": [
"CWE-502"
],
"VendorSeverity": {
"ghsa": 3,
"nvd": 3,
"redhat": 3
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 8.8
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 8.8
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 8.8
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-11394",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/issues/34840",
"https://github.com/huggingface/transformers/pull/35296",
"https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2024-229.yaml",
"https://nvd.nist.gov/vuln/detail/CVE-2024-11394",
"https://www.cve.org/CVERecord?id=CVE-2024-11394",
"https://www.zerodayinitiative.com/advisories/ZDI-24-1515",
"https://www.zerodayinitiative.com/advisories/ZDI-24-1515/"
],
"PublishedDate": "2024-11-22T22:15:07.223Z",
"LastModifiedDate": "2025-02-10T22:16:16.163Z"
},
{
"VulnerabilityID": "CVE-2024-12720",
"VendorIDs": [
"GHSA-6rvg-6v2m-4j46"
],
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.40.2",
"UID": "27aac2de600fe28"
},
"InstalledVersion": "4.40.2",
"FixedVersion": "4.48.0",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12720",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Fingerprint": "sha256:2b5c0f2ad484be1cbade26a91ec9726b306ccd602b54ea6e05155f38b9b2f1bb",
"Title": "Transformers Regular Expression Denial of Service (ReDoS) vulnerability",
"Description": "A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single() function, where a regular expression processes specially crafted input. The issue stems from the regex exhibiting exponential time complexity under certain conditions, leading to excessive backtracking. This can result in significantly high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.46.3 (latest).",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 3
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/deac971c469bcbb182c2e52da0b82fb3bf54cccf",
"https://huntr.com/bounties/4bed1214-7835-4252-a853-22bbad891f98",
"https://nvd.nist.gov/vuln/detail/CVE-2024-12720"
],
"PublishedDate": "2025-03-20T10:15:29.507Z",
"LastModifiedDate": "2025-08-01T21:11:26.963Z"
},
{
"VulnerabilityID": "CVE-2025-1194",
"VendorIDs": [
"GHSA-fpwr-67px-3qhx"
],
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.40.2",
"UID": "27aac2de600fe28"
},
"InstalledVersion": "4.40.2",
"FixedVersion": "4.50.0",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1194",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Fingerprint": "sha256:b88d170019e266c5a3da9fb8fd08c6cc0a745821832120646ad520eaac7439ce",
"Title": "Transformers Regular Expression Denial of Service (ReDoS) vulnerability",
"Description": "A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file `tokenization_gpt_neox_japanese.py` of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions process specially crafted inputs. The issue stems from a regex exhibiting exponential complexity under certain conditions, leading to excessive backtracking. This can result in high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.48.1 (latest).",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 4.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 6.5
}
},
"References": [
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/92c5ca9dd70de3ade2af2eb835c96215cc50e815",
"https://huntr.com/bounties/86f58dcd-683f-4adc-a735-849f51e9abb2",
"https://nvd.nist.gov/vuln/detail/CVE-2025-1194"
],
"PublishedDate": "2025-04-29T12:15:31.717Z",
"LastModifiedDate": "2025-08-01T21:56:15.79Z"
},
{
"VulnerabilityID": "CVE-2025-2099",
"VendorIDs": [
"GHSA-qq3j-4f4f-9583"
],
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.40.2",
"UID": "27aac2de600fe28"
},
"InstalledVersion": "4.40.2",
"FixedVersion": "4.50.0",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-2099",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Fingerprint": "sha256:0da6cba020fd37870f0dd4b8dc78b23c843766eea9944feaa1657a3573b557aa",
"Title": "transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers",
"Description": "A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large number of newline characters. An attacker can exploit this by providing a specially crafted payload, causing high CPU usage and potential application downtime, effectively resulting in a Denial of Service (DoS) scenario.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 3,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-2099",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/8cb522b4190bd556ce51be04942720650b1a3e57",
"https://github.com/huggingface/transformers/pull/36648",
"https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2025-40.yaml",
"https://huntr.com/bounties/97b780f3-ffca-424f-ad5d-0e1c57a5bde4",
"https://nvd.nist.gov/vuln/detail/CVE-2025-2099",
"https://www.cve.org/CVERecord?id=CVE-2025-2099"
],
"PublishedDate": "2025-05-19T12:15:19.64Z",
"LastModifiedDate": "2025-05-21T17:43:15.08Z"
},
{
"VulnerabilityID": "CVE-2025-3263",
"VendorIDs": [
"GHSA-q2wp-rjmx-x6x9"
],
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.40.2",
"UID": "27aac2de600fe28"
},
"InstalledVersion": "4.40.2",
"FixedVersion": "4.51.0",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3263",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Fingerprint": "sha256:fcc6aa53152757b3a53dc635d72d30538d24d5f34efe65dbe022fe8d6c7931f6",
"Title": "transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers",
"Description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_configuration_file()` function within the `transformers.configuration_utils` module. The affected version is 4.49.0, and the issue is resolved in version 4.51.0. The vulnerability arises from the use of a regular expression pattern `config\\.(.*)\\.json` that can be exploited to cause excessive CPU consumption through crafted input strings, leading to catastrophic backtracking. This can result in model serving disruption, resource exhaustion, and increased latency in applications using the library.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-3263",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/0720e206c6ba28887e4d60ef60a6a089f6c1cc76",
"https://github.com/huggingface/transformers/commit/126abe3461762e5fc180e7e614391d1b4ab051ca",
"https://huntr.com/bounties/c7a69150-54f8-4e81-8094-791e7a2a0f29",
"https://nvd.nist.gov/vuln/detail/CVE-2025-3263",
"https://www.cve.org/CVERecord?id=CVE-2025-3263"
],
"PublishedDate": "2025-07-07T10:15:27.35Z",
"LastModifiedDate": "2025-08-07T01:03:17.99Z"
},
{
"VulnerabilityID": "CVE-2025-3264",
"VendorIDs": [
"GHSA-jjph-296x-mrcr"
],
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.40.2",
"UID": "27aac2de600fe28"
},
"InstalledVersion": "4.40.2",
"FixedVersion": "4.51.0",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3264",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Fingerprint": "sha256:97670fd4073ac30b0e0445297512876ff05896b1f5670c99e572b67eeebb2e63",
"Title": "transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers",
"Description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_imports()` function within `dynamic_module_utils.py`. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular expression pattern `\\s*try\\s*:.*?except.*?:` used to filter out try/except blocks from Python code, which can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. This vulnerability can lead to remote code loading disruption, resource exhaustion in model serving, supply chain attack vectors, and development pipeline disruption.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-3264",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/0720e206c6ba28887e4d60ef60a6a089f6c1cc76",
"https://github.com/huggingface/transformers/commit/126abe3461762e5fc180e7e614391d1b4ab051ca",
"https://huntr.com/bounties/3c6f7822-9992-476d-8cf0-b0b1623427df",
"https://nvd.nist.gov/vuln/detail/CVE-2025-3264",
"https://www.cve.org/CVERecord?id=CVE-2025-3264"
],
"PublishedDate": "2025-07-07T10:15:27.5Z",
"LastModifiedDate": "2025-08-07T01:02:30.7Z"
},
{
"VulnerabilityID": "CVE-2025-3933",
"VendorIDs": [
"GHSA-37mw-44qp-f5jm"
],
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.40.2",
"UID": "27aac2de600fe28"
},
"InstalledVersion": "4.40.2",
"FixedVersion": "4.52.1",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3933",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Fingerprint": "sha256:76d0b15c980a9127909a3a24bf55dc4af4ada1fe992bca67a2c8ad72e767ed0c",
"Title": "transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers",
"Description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's `token2json()` method. This vulnerability affects versions 4.50.3 and earlier, and is fixed in version 4.52.1. The issue arises from the regex pattern `<s_(.*?)>` which can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. This vulnerability can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting document processing tasks using the Donut model.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-3933",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/ebbe9b12dd75b69f92100d684c47f923ee262a93",
"https://github.com/huggingface/transformers/pull/37788",
"https://huntr.com/bounties/25282953-5827-4384-bb6f-5790d275721b",
"https://nvd.nist.gov/vuln/detail/CVE-2025-3933",
"https://www.cve.org/CVERecord?id=CVE-2025-3933"
],
"PublishedDate": "2025-07-11T10:15:22.293Z",
"LastModifiedDate": "2025-08-07T01:01:46.78Z"
},
{
"VulnerabilityID": "CVE-2025-5197",
"VendorIDs": [
"GHSA-9356-575x-2w9m"
],
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.40.2",
"UID": "27aac2de600fe28"
},
"InstalledVersion": "4.40.2",
"FixedVersion": "4.53.0",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5197",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Fingerprint": "sha256:430f11d23a9271973fbd5aae56567f6fdd1872fa81a9475974c5cec0566aa4c6",
"Title": "transformers: Transformers ReDoS Vulnerability",
"Description": "A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern `/[^/]*___([^/]*)/` that can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. The vulnerability affects versions up to 4.51.3 and is fixed in version 4.53.0. This issue can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting model conversion processes between TensorFlow and PyTorch formats.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-5197",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/701caef704e356dc2f9331cc3fd5df0eccb4720a",
"https://github.com/huggingface/transformers/commit/944b56000be5e9b61af8301aa340838770ad8a0b",
"https://huntr.com/bounties/3f8b3fd0-166b-46e7-b60f-60dd9d2678bf",
"https://nvd.nist.gov/vuln/detail/CVE-2025-5197",
"https://www.cve.org/CVERecord?id=CVE-2025-5197"
],
"PublishedDate": "2025-08-06T12:15:26.837Z",
"LastModifiedDate": "2025-10-21T16:46:13.38Z"
},
{
"VulnerabilityID": "CVE-2025-6051",
"VendorIDs": [
"GHSA-rcv9-qm8p-9p6j"
],
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.40.2",
"UID": "27aac2de600fe28"
},
"InstalledVersion": "4.40.2",
"FixedVersion": "4.53.0",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-6051",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Fingerprint": "sha256:adcdb47bbee9d61324c75cb793a38088b55743e0d67926014789626d65d56a7e",
"Title": "transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers",
"Description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the `normalize_numbers()` method of the `EnglishNormalizer` class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises from the method's handling of numeric strings, which can be exploited using crafted input strings containing long sequences of digits, leading to excessive CPU consumption. This vulnerability impacts text-to-speech and number normalization tasks, potentially causing service disruption, resource exhaustion, and API vulnerabilities.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-6051",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/54a02160eb030da9be18231c77791f2eb3a52216",
"https://github.com/huggingface/transformers/commit/ba8eaba9865618253f997784aa565b96206426f0",
"https://github.com/huggingface/transformers/pull/38844",
"https://huntr.com/bounties/af929523-7b59-418a-bf55-301830b2ac9d",
"https://nvd.nist.gov/vuln/detail/CVE-2025-6051",
"https://www.cve.org/CVERecord?id=CVE-2025-6051"
],
"PublishedDate": "2025-09-14T17:15:34.21Z",
"LastModifiedDate": "2025-10-21T14:16:24.77Z"
},
{
"VulnerabilityID": "CVE-2025-6638",
"VendorIDs": [
"GHSA-59p9-h35m-wg4g"
],
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.40.2",
"UID": "27aac2de600fe28"
},
"InstalledVersion": "4.40.2",
"FixedVersion": "4.53.0",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-6638",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Fingerprint": "sha256:e1806659234ce042be87fe65f63569a1a922fc23c10f5039ab5f20db2bf18178",
"Title": "transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers",
"Description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's `remove_language_code()` method. This vulnerability is present in version 4.52.4 and has been fixed in version 4.53.0. The issue arises from inefficient regex processing, which can be exploited by crafted input strings containing malformed language code patterns, leading to excessive CPU consumption and potential denial of service.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 3,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-6638",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/47c34fba5c303576560cb29767efb452ff12b8be",
"https://github.com/huggingface/transformers/commit/d37f7517972f67e3f2194c000ed0f87f064e5099",
"https://huntr.com/bounties/6a6c933f-9ce8-4ded-8b3b-2c1444c61f36",
"https://nvd.nist.gov/vuln/detail/CVE-2025-6638",
"https://www.cve.org/CVERecord?id=CVE-2025-6638"
],
"PublishedDate": "2025-09-12T11:15:31.77Z",
"LastModifiedDate": "2025-10-21T13:33:08.58Z"
},
{
"VulnerabilityID": "CVE-2025-6921",
"VendorIDs": [
"GHSA-4w7r-h757-3r74"
],
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.40.2",
"UID": "27aac2de600fe28"
},
"InstalledVersion": "4.40.2",
"FixedVersion": "4.53.0",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-6921",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Fingerprint": "sha256:5dcc19aa62a87927010a1044bf028792ebb509c39f0c16d3acca39ce1614dd35",
"Title": "transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers",
"Description": "The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer. The vulnerability arises from the _do_use_weight_decay method, which processes user-controlled regular expressions in the include_in_weight_decay and exclude_from_weight_decay lists. Malicious regular expressions can cause catastrophic backtracking during the re.search call, leading to 100% CPU utilization and a denial of service. This issue can be exploited by attackers who can control the patterns in these lists, potentially causing the machine learning task to hang and rendering services unresponsive.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-400"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 3,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-6921",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/47c34fba5c303576560cb29767efb452ff12b8be",
"https://github.com/huggingface/transformers/commit/d37f7517972f67e3f2194c000ed0f87f064e5099",
"https://huntr.com/bounties/287d15a7-6e7c-45d2-8c05-11e305776f1f",
"https://nvd.nist.gov/vuln/detail/CVE-2025-6921",
"https://www.cve.org/CVERecord?id=CVE-2025-6921"
],
"PublishedDate": "2025-09-23T14:15:41.387Z",
"LastModifiedDate": "2025-10-10T21:31:30.23Z"
}
]
},
{
"Target": "Dockerfile",
"Class": "config",
"Type": "dockerfile",
"MisconfSummary": {
"Successes": 23,
"Failures": 1
},
"Misconfigurations": [
{
"Type": "Dockerfile Security Check",
"ID": "DS-0029",
"Title": "'apt-get' missing '--no-install-recommends'",
"Description": "'apt-get' install should use '--no-install-recommends' to minimize image size.",
"Message": "'--no-install-recommends' flag is missed: 'apt-get update && apt-get install -y libgl1 libglib2.0-0 tesseract-ocr && rm -rf /var/lib/apt/lists/*'",
"Namespace": "builtin.dockerfile.DS029",
"Query": "data.builtin.dockerfile.DS029.deny",
"Resolution": "Add '--no-install-recommends' flag to 'apt-get'",
"Severity": "HIGH",
"PrimaryURL": "https://avd.aquasec.com/misconfig/ds-0029",
"References": [
"https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
"https://avd.aquasec.com/misconfig/ds-0029"
],
"Status": "FAIL",
"CauseMetadata": {
"Provider": "Dockerfile",
"Service": "general",
"StartLine": 3,
"EndLine": 7,
"Code": {
"Lines": [
{
"Number": 3,
"Content": "RUN apt-get update && apt-get install -y \\",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "\u001b[38;5;64mRUN\u001b[0m apt-get update \u001b[38;5;245m&&\u001b[0m apt-get install -y \u001b[38;5;124m\\",
"FirstCause": true,
"LastCause": false
},
{
"Number": 4,
"Content": " libgl1 \\",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "\u001b[0m libgl1 \u001b[38;5;124m\\",
"FirstCause": false,
"LastCause": false
},
{
"Number": 5,
"Content": " libglib2.0-0 \\",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "\u001b[0m libglib2.0-0 \u001b[38;5;124m\\",
"FirstCause": false,
"LastCause": false
},
{
"Number": 6,
"Content": " tesseract-ocr \\",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "\u001b[0m tesseract-ocr \u001b[38;5;124m\\",
"FirstCause": false,
"LastCause": false
},
{
"Number": 7,
"Content": " && rm -rf /var/lib/apt/lists/*",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "\u001b[0m \u001b[38;5;245m&&\u001b[0m rm -rf /var/lib/apt/lists/*",
"FirstCause": false,
"LastCause": true
}
]
}
}
}
]
}
]
}