| Severity | CVE ID | Package | Installed | Fixed In | Description |
|---|---|---|---|---|---|
| HIGH | CVE-2026-1260 | sentencepiece | 0.2.0 | 0.2.1 | sentencepiece: Sentencepiece: Invalid memory access leading to potential arbitrary code execution via a crafted model file. |
| MEDIUM | CVE-2026-33682 | streamlit | 1.41.1 | 1.54.0 | Unauthenticated SSRF Vulnerability in Streamlit on Windows (NTLM Credential Exposure) |
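| CRITICAL | CVE-2025-32434 | torch | 2.5.1 | 2.6.0 | torch: Remote Command Execution (RCE) when loading a model using torch.load with weights_only=True (version 2.5.1 and prior) |
| MEDIUM | CVE-2025-3730 | torch | 2.5.1 | 2.8.0 | torch: denial of service in torch.nn.functional.ctc_loss (aten/src/ATen/native/LossCTC.cpp); the attack has to be approached locally, and the advisory notes the real existence of the vulnerability is still doubted |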
| HIGH | CVE-2024-11392 | transformers | 4.47.1 | 4.48.0 | transformers: Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| HIGH | CVE-2024-11393 | transformers | 4.47.1 | 4.48.0 | transformers: Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| HIGH | CVE-2024-11394 | transformers | 4.47.1 | 4.48.0 | transformers: Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| MEDIUM | CVE-2024-12720 | transformers | 4.47.1 | 4.48.0 | Transformers Regular Expression Denial of Service (ReDoS) vulnerability |
| MEDIUM | CVE-2025-1194 | transformers | 4.47.1 | 4.50.0 | Transformers Regular Expression Denial of Service (ReDoS) vulnerability |
| MEDIUM | CVE-2025-2099 | transformers | 4.47.1 | 4.50.0 | transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| MEDIUM | CVE-2025-3263 | transformers | 4.47.1 | 4.51.0 | transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| MEDIUM | CVE-2025-3264 | transformers | 4.47.1 | 4.51.0 | transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| MEDIUM | CVE-2025-3933 | transformers | 4.47.1 | 4.52.1 | transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| MEDIUM | CVE-2025-5197 | transformers | 4.47.1 | 4.53.0 | transformers: Transformers ReDoS Vulnerability |
| MEDIUM | CVE-2025-6051 | transformers | 4.47.1 | 4.53.0 | transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| MEDIUM | CVE-2025-6638 | transformers | 4.47.1 | 4.53.0 | transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| MEDIUM | CVE-2025-6921 | transformers | 4.47.1 | 4.53.0 | transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| MEDIUM | CVE-2026-1839 | transformers | 4.47.1 | 5.0.0rc3 | transformers: HuggingFace Transformers: Arbitrary code execution via malicious checkpoint file |
| MEDIUM | CVE-2024-5629 | pymongo | 4.3.3 | 4.6.3 | python-pymongo: Out-of-bounds read in bson module |
| MEDIUM | CVE-2026-25645 | requests | 2.32.5 | 2.33.0 | requests: Requests: Security bypass due to predictable temporary file creation |
| MEDIUM | CVE-2026-33682 | streamlit | 1.41.1 | 1.54.0 | Unauthenticated SSRF Vulnerability in Streamlit on Windows (NTLM Credential Exposure) |
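| CRITICAL | CVE-2025-32434 | torch | 2.5.1 | 2.6.0 | torch: Remote Command Execution (RCE) when loading a model using torch.load with weights_only=True (version 2.5.1 and prior) |
| MEDIUM | CVE-2025-3730 | torch | 2.5.1 | 2.8.0 | torch: denial of service in torch.nn.functional.ctc_loss (aten/src/ATen/native/LossCTC.cpp); the attack has to be approached locally, and the advisory notes the real existence of the vulnerability is still doubted |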
| MEDIUM | CVE-2025-1194 | transformers | 4.48.0 | 4.50.0 | Transformers Regular Expression Denial of Service (ReDoS) vulnerability |
| MEDIUM | CVE-2025-2099 | transformers | 4.48.0 | 4.50.0 | transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| MEDIUM | CVE-2025-3263 | transformers | 4.48.0 | 4.51.0 | transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| MEDIUM | CVE-2025-3264 | transformers | 4.48.0 | 4.51.0 | transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| MEDIUM | CVE-2025-3933 | transformers | 4.48.0 | 4.52.1 | transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| MEDIUM | CVE-2025-5197 | transformers | 4.48.0 | 4.53.0 | transformers: Transformers ReDoS Vulnerability |
| MEDIUM | CVE-2025-6051 | transformers | 4.48.0 | 4.53.0 | transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| MEDIUM | CVE-2025-6638 | transformers | 4.48.0 | 4.53.0 | transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| MEDIUM | CVE-2025-6921 | transformers | 4.48.0 | 4.53.0 | transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| MEDIUM | CVE-2026-1839 | transformers | 4.48.0 | 5.0.0rc3 | transformers: HuggingFace Transformers: Arbitrary code execution via malicious checkpoint file |
| Type | File | Line | Match |
|---|---|---|---|
| ✅ No secrets found | | | |
| Severity | ID | Check | File | Message |
|---|---|---|---|---|
| HIGH | DS002 | Image user should not be 'root' | Dockerfile | Specify at least 1 USER command in Dockerfile with non-root user as argument |
{
"SchemaVersion": 2,
"CreatedAt": "2026-04-14T06:54:07.818079144Z",
"ArtifactName": "/src",
"ArtifactType": "filesystem",
"Metadata": {
"ImageConfig": {
"architecture": "",
"created": "0001-01-01T00:00:00Z",
"os": "",
"rootfs": {
"type": "",
"diff_ids": null
},
"config": {}
}
},
"Results": [
{
"Target": "misc/requirements.txt",
"Class": "lang-pkgs",
"Type": "pip",
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2026-1260",
"PkgName": "sentencepiece",
"PkgIdentifier": {
"PURL": "pkg:pypi/sentencepiece@0.2.0"
},
"InstalledVersion": "0.2.0",
"FixedVersion": "0.2.1",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-1260",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "sentencepiece: Sentencepiece: Invalid memory access leading to potential arbitrary code execution via a crafted model file.",
"Description": "Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is not created in the normal training procedure.",
"Severity": "HIGH",
"CweIDs": [
"CWE-119"
],
"VendorSeverity": {
"ghsa": 3,
"nvd": 3,
"redhat": 3
},
"CVSS": {
"ghsa": {},
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 7.8
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 7.8
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-1260",
"https://github.com/google/sentencepiece",
"https://github.com/google/sentencepiece/commit/d856b67fdb3492e035489abf9b3aaf486144b2c0",
"https://github.com/google/sentencepiece/releases/tag/v0.2.1",
"https://nvd.nist.gov/vuln/detail/CVE-2026-1260",
"https://www.cve.org/CVERecord?id=CVE-2026-1260"
],
"PublishedDate": "2026-01-22T17:16:30.643Z",
"LastModifiedDate": "2026-01-30T18:33:45.45Z"
},
{
"VulnerabilityID": "CVE-2026-33682",
"PkgName": "streamlit",
"PkgIdentifier": {
"PURL": "pkg:pypi/streamlit@1.41.1"
},
"InstalledVersion": "1.41.1",
"FixedVersion": "1.54.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33682",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "Unauthenticated SSRF Vulnerability in Streamlit on Windows (NTLM Credential Exposure)",
"Description": "Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of attacker-supplied filesystem paths. In certain code paths, including within the `ComponentRequestHandler`, filesystem paths are resolved using `os.path.realpath()` or `Path.resolve()` before sufficient validation occurs. On Windows systems, supplying a malicious UNC path (e.g., `\\\\attacker-controlled-host\\share`) can cause the Streamlit server to initiate outbound SMB connections over port 445. When Windows attempts to authenticate to the remote SMB server, NTLMv2 challenge-response credentials of the Windows user running the Streamlit process may be transmitted. This behavior may allow an attacker to perform NTLM relay attacks against other internal services and/or identify internally reachable SMB hosts via timing analysis. The vulnerability has been fixed in Streamlit Open Source version 1.54.0.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-918"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"V3Score": 4.7
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"V3Score": 4.8
}
},
"References": [
"https://github.com/streamlit/streamlit",
"https://github.com/streamlit/streamlit/commit/23692ca70b2f2ac720c72d1feb4f190c9d6eed76",
"https://github.com/streamlit/streamlit/releases/tag/1.54.0",
"https://github.com/streamlit/streamlit/security/advisories/GHSA-7p48-42j8-8846",
"https://nvd.nist.gov/vuln/detail/CVE-2026-33682"
],
"PublishedDate": "2026-03-26T22:16:30.88Z",
"LastModifiedDate": "2026-04-01T13:28:47.47Z"
},
{
"VulnerabilityID": "CVE-2025-32434",
"PkgName": "torch",
"PkgIdentifier": {
"PURL": "pkg:pypi/torch@2.5.1"
},
"InstalledVersion": "2.5.1",
"FixedVersion": "2.6.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-32434",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "PyTorch is a Python package that provides tensor computation with stro ...",
"Description": "PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.",
"Severity": "CRITICAL",
"CweIDs": [
"CWE-502"
],
"VendorSeverity": {
"azure": 4,
"bitnami": 4,
"cbl-mariner": 4,
"ghsa": 4,
"nvd": 4
},
"CVSS": {
"bitnami": {},
"ghsa": {},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 9.8
}
},
"References": [
"https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-41.yaml",
"https://github.com/pytorch/pytorch",
"https://github.com/pytorch/pytorch/commit/8d4b8a920a2172523deb95bf20e8e52d50649c04",
"https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6",
"https://lists.debian.org/debian-lts-announce/2025/12/msg00000.html",
"https://nvd.nist.gov/vuln/detail/CVE-2025-32434"
],
"PublishedDate": "2025-04-18T16:15:23.183Z",
"LastModifiedDate": "2025-12-01T07:16:01.807Z"
},
{
"VulnerabilityID": "CVE-2025-3730",
"PkgName": "torch",
"PkgIdentifier": {
"PURL": "pkg:pypi/torch@2.5.1"
},
"InstalledVersion": "2.5.1",
"FixedVersion": "2.8.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3730",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "A vulnerability, which was classified as problematic, was found in PyT ...",
"Description": "A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue. The security policy of the project warns to use unknown models which might establish malicious effects.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-404"
],
"VendorSeverity": {
"azure": 2,
"bitnami": 2,
"cbl-mariner": 2,
"ghsa": 2,
"nvd": 2
},
"CVSS": {
"bitnami": {},
"ghsa": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 3.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://github.com/pytorch/pytorch",
"https://github.com/pytorch/pytorch/commit/01f226bfb8f2c343f5c614a6bbf685d91160f3af",
"https://github.com/pytorch/pytorch/issues/150835",
"https://github.com/pytorch/pytorch/issues/150835#issue-2979082232",
"https://github.com/pytorch/pytorch/pull/150981",
"https://github.com/timocafe/tewart-pytorch/commit/46fc5d8e360127361211cb237d5f9eef0223e567",
"https://nvd.nist.gov/vuln/detail/CVE-2025-3730",
"https://vuldb.com/?ctiid.305076",
"https://vuldb.com/?id.305076",
"https://vuldb.com/?submit.553645"
],
"PublishedDate": "2025-04-16T21:15:48.7Z",
"LastModifiedDate": "2025-05-28T17:35:54.08Z"
},
{
"VulnerabilityID": "CVE-2024-11392",
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.47.1"
},
"InstalledVersion": "4.47.1",
"FixedVersion": "4.48.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-11392",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "transformers: Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability",
"Description": "Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of configuration files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-24322.",
"Severity": "HIGH",
"CweIDs": [
"CWE-502"
],
"VendorSeverity": {
"ghsa": 3,
"nvd": 3,
"redhat": 3
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 7.5
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 8.8
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-11392",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/issues/34840",
"https://github.com/huggingface/transformers/pull/35296",
"https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2024-227.yaml",
"https://nvd.nist.gov/vuln/detail/CVE-2024-11392",
"https://www.cve.org/CVERecord?id=CVE-2024-11392",
"https://www.zerodayinitiative.com/advisories/ZDI-24-1513",
"https://www.zerodayinitiative.com/advisories/ZDI-24-1513/"
],
"PublishedDate": "2024-11-22T22:15:06.97Z",
"LastModifiedDate": "2025-02-10T22:18:55.153Z"
},
{
"VulnerabilityID": "CVE-2024-11393",
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.47.1"
},
"InstalledVersion": "4.47.1",
"FixedVersion": "4.48.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-11393",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "transformers: Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability",
"Description": "Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25191.",
"Severity": "HIGH",
"CweIDs": [
"CWE-502"
],
"VendorSeverity": {
"ghsa": 3,
"nvd": 3,
"redhat": 3
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 8.8
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 8.8
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 8.8
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-11393",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/issues/34840",
"https://github.com/huggingface/transformers/pull/35296",
"https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2024-228.yaml",
"https://nvd.nist.gov/vuln/detail/CVE-2024-11393",
"https://www.cve.org/CVERecord?id=CVE-2024-11393",
"https://www.zerodayinitiative.com/advisories/ZDI-24-1514",
"https://www.zerodayinitiative.com/advisories/ZDI-24-1514/"
],
"PublishedDate": "2024-11-22T22:15:07.1Z",
"LastModifiedDate": "2025-02-10T22:18:52.253Z"
},
{
"VulnerabilityID": "CVE-2024-11394",
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.47.1"
},
"InstalledVersion": "4.47.1",
"FixedVersion": "4.48.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-11394",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "transformers: Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability",
"Description": "Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25012.",
"Severity": "HIGH",
"CweIDs": [
"CWE-502"
],
"VendorSeverity": {
"ghsa": 3,
"nvd": 3,
"redhat": 3
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 8.8
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 8.8
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 8.8
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2024-11394",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/issues/34840",
"https://github.com/huggingface/transformers/pull/35296",
"https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2024-229.yaml",
"https://nvd.nist.gov/vuln/detail/CVE-2024-11394",
"https://www.cve.org/CVERecord?id=CVE-2024-11394",
"https://www.zerodayinitiative.com/advisories/ZDI-24-1515",
"https://www.zerodayinitiative.com/advisories/ZDI-24-1515/"
],
"PublishedDate": "2024-11-22T22:15:07.223Z",
"LastModifiedDate": "2025-02-10T22:16:16.163Z"
},
{
"VulnerabilityID": "CVE-2024-12720",
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.47.1"
},
"InstalledVersion": "4.47.1",
"FixedVersion": "4.48.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12720",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "Transformers Regular Expression Denial of Service (ReDoS) vulnerability",
"Description": "A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single() function, where a regular expression processes specially crafted input. The issue stems from the regex exhibiting exponential time complexity under certain conditions, leading to excessive backtracking. This can result in significantly high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.46.3 (latest).",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 3
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/deac971c469bcbb182c2e52da0b82fb3bf54cccf",
"https://huntr.com/bounties/4bed1214-7835-4252-a853-22bbad891f98",
"https://nvd.nist.gov/vuln/detail/CVE-2024-12720"
],
"PublishedDate": "2025-03-20T10:15:29.507Z",
"LastModifiedDate": "2025-08-01T21:11:26.963Z"
},
{
"VulnerabilityID": "CVE-2025-1194",
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.47.1"
},
"InstalledVersion": "4.47.1",
"FixedVersion": "4.50.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1194",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "Transformers Regular Expression Denial of Service (ReDoS) vulnerability",
"Description": "A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file `tokenization_gpt_neox_japanese.py` of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions process specially crafted inputs. The issue stems from a regex exhibiting exponential complexity under certain conditions, leading to excessive backtracking. This can result in high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.48.1 (latest).",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 4.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 6.5
}
},
"References": [
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/92c5ca9dd70de3ade2af2eb835c96215cc50e815",
"https://huntr.com/bounties/86f58dcd-683f-4adc-a735-849f51e9abb2",
"https://nvd.nist.gov/vuln/detail/CVE-2025-1194"
],
"PublishedDate": "2025-04-29T12:15:31.717Z",
"LastModifiedDate": "2025-08-01T21:56:15.79Z"
},
{
"VulnerabilityID": "CVE-2025-2099",
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.47.1"
},
"InstalledVersion": "4.47.1",
"FixedVersion": "4.50.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-2099",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers",
"Description": "A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large number of newline characters. An attacker can exploit this by providing a specially crafted payload, causing high CPU usage and potential application downtime, effectively resulting in a Denial of Service (DoS) scenario.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 3,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-2099",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/8cb522b4190bd556ce51be04942720650b1a3e57",
"https://github.com/huggingface/transformers/pull/36648",
"https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2025-40.yaml",
"https://huntr.com/bounties/97b780f3-ffca-424f-ad5d-0e1c57a5bde4",
"https://nvd.nist.gov/vuln/detail/CVE-2025-2099",
"https://www.cve.org/CVERecord?id=CVE-2025-2099"
],
"PublishedDate": "2025-05-19T12:15:19.64Z",
"LastModifiedDate": "2025-05-21T17:43:15.08Z"
},
{
"VulnerabilityID": "CVE-2025-3263",
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.47.1"
},
"InstalledVersion": "4.47.1",
"FixedVersion": "4.51.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3263",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers",
"Description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_configuration_file()` function within the `transformers.configuration_utils` module. The affected version is 4.49.0, and the issue is resolved in version 4.51.0. The vulnerability arises from the use of a regular expression pattern `config\\.(.*)\\.json` that can be exploited to cause excessive CPU consumption through crafted input strings, leading to catastrophic backtracking. This can result in model serving disruption, resource exhaustion, and increased latency in applications using the library.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-3263",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/0720e206c6ba28887e4d60ef60a6a089f6c1cc76",
"https://github.com/huggingface/transformers/commit/126abe3461762e5fc180e7e614391d1b4ab051ca",
"https://huntr.com/bounties/c7a69150-54f8-4e81-8094-791e7a2a0f29",
"https://nvd.nist.gov/vuln/detail/CVE-2025-3263",
"https://www.cve.org/CVERecord?id=CVE-2025-3263"
],
"PublishedDate": "2025-07-07T10:15:27.35Z",
"LastModifiedDate": "2025-08-07T01:03:17.99Z"
},
{
"VulnerabilityID": "CVE-2025-3264",
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.47.1"
},
"InstalledVersion": "4.47.1",
"FixedVersion": "4.51.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3264",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers",
"Description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_imports()` function within `dynamic_module_utils.py`. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular expression pattern `\\s*try\\s*:.*?except.*?:` used to filter out try/except blocks from Python code, which can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. This vulnerability can lead to remote code loading disruption, resource exhaustion in model serving, supply chain attack vectors, and development pipeline disruption.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-3264",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/0720e206c6ba28887e4d60ef60a6a089f6c1cc76",
"https://github.com/huggingface/transformers/commit/126abe3461762e5fc180e7e614391d1b4ab051ca",
"https://huntr.com/bounties/3c6f7822-9992-476d-8cf0-b0b1623427df",
"https://nvd.nist.gov/vuln/detail/CVE-2025-3264",
"https://www.cve.org/CVERecord?id=CVE-2025-3264"
],
"PublishedDate": "2025-07-07T10:15:27.5Z",
"LastModifiedDate": "2025-08-07T01:02:30.7Z"
},
{
"VulnerabilityID": "CVE-2025-3933",
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.47.1"
},
"InstalledVersion": "4.47.1",
"FixedVersion": "4.52.1",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3933",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers",
"Description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's `token2json()` method. This vulnerability affects versions 4.50.3 and earlier, and is fixed in version 4.52.1. The issue arises from the regex pattern `<s_(.*?)>` which can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. This vulnerability can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting document processing tasks using the Donut model.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-3933",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/ebbe9b12dd75b69f92100d684c47f923ee262a93",
"https://github.com/huggingface/transformers/pull/37788",
"https://huntr.com/bounties/25282953-5827-4384-bb6f-5790d275721b",
"https://nvd.nist.gov/vuln/detail/CVE-2025-3933",
"https://www.cve.org/CVERecord?id=CVE-2025-3933"
],
"PublishedDate": "2025-07-11T10:15:22.293Z",
"LastModifiedDate": "2025-08-07T01:01:46.78Z"
},
{
"VulnerabilityID": "CVE-2025-5197",
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.47.1"
},
"InstalledVersion": "4.47.1",
"FixedVersion": "4.53.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5197",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "transformers: Transformers ReDoS Vulnerability",
"Description": "A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern `/[^/]*___([^/]*)/` that can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. The vulnerability affects versions up to 4.51.3 and is fixed in version 4.53.0. This issue can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting model conversion processes between TensorFlow and PyTorch formats.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-5197",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/701caef704e356dc2f9331cc3fd5df0eccb4720a",
"https://github.com/huggingface/transformers/commit/944b56000be5e9b61af8301aa340838770ad8a0b",
"https://huntr.com/bounties/3f8b3fd0-166b-46e7-b60f-60dd9d2678bf",
"https://nvd.nist.gov/vuln/detail/CVE-2025-5197",
"https://www.cve.org/CVERecord?id=CVE-2025-5197"
],
"PublishedDate": "2025-08-06T12:15:26.837Z",
"LastModifiedDate": "2025-10-21T16:46:13.38Z"
},
{
"VulnerabilityID": "CVE-2025-6051",
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.47.1"
},
"InstalledVersion": "4.47.1",
"FixedVersion": "4.53.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-6051",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers",
"Description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the `normalize_numbers()` method of the `EnglishNormalizer` class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises from the method's handling of numeric strings, which can be exploited using crafted input strings containing long sequences of digits, leading to excessive CPU consumption. This vulnerability impacts text-to-speech and number normalization tasks, potentially causing service disruption, resource exhaustion, and API vulnerabilities.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-6051",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/54a02160eb030da9be18231c77791f2eb3a52216",
"https://github.com/huggingface/transformers/commit/ba8eaba9865618253f997784aa565b96206426f0",
"https://github.com/huggingface/transformers/pull/38844",
"https://huntr.com/bounties/af929523-7b59-418a-bf55-301830b2ac9d",
"https://nvd.nist.gov/vuln/detail/CVE-2025-6051",
"https://www.cve.org/CVERecord?id=CVE-2025-6051"
],
"PublishedDate": "2025-09-14T17:15:34.21Z",
"LastModifiedDate": "2025-10-21T14:16:24.77Z"
},
{
"VulnerabilityID": "CVE-2025-6638",
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.47.1"
},
"InstalledVersion": "4.47.1",
"FixedVersion": "4.53.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-6638",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers",
"Description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's `remove_language_code()` method. This vulnerability is present in version 4.52.4 and has been fixed in version 4.53.0. The issue arises from inefficient regex processing, which can be exploited by crafted input strings containing malformed language code patterns, leading to excessive CPU consumption and potential denial of service.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 3,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-6638",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/47c34fba5c303576560cb29767efb452ff12b8be",
"https://github.com/huggingface/transformers/commit/d37f7517972f67e3f2194c000ed0f87f064e5099",
"https://huntr.com/bounties/6a6c933f-9ce8-4ded-8b3b-2c1444c61f36",
"https://nvd.nist.gov/vuln/detail/CVE-2025-6638",
"https://www.cve.org/CVERecord?id=CVE-2025-6638"
],
"PublishedDate": "2025-09-12T11:15:31.77Z",
"LastModifiedDate": "2025-10-21T13:33:08.58Z"
},
{
"VulnerabilityID": "CVE-2025-6921",
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.47.1"
},
"InstalledVersion": "4.47.1",
"FixedVersion": "4.53.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-6921",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers",
"Description": "The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer. The vulnerability arises from the _do_use_weight_decay method, which processes user-controlled regular expressions in the include_in_weight_decay and exclude_from_weight_decay lists. Malicious regular expressions can cause catastrophic backtracking during the re.search call, leading to 100% CPU utilization and a denial of service. This issue can be exploited by attackers who can control the patterns in these lists, potentially causing the machine learning task to hang and rendering services unresponsive.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-400"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 3,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-6921",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/47c34fba5c303576560cb29767efb452ff12b8be",
"https://github.com/huggingface/transformers/commit/d37f7517972f67e3f2194c000ed0f87f064e5099",
"https://huntr.com/bounties/287d15a7-6e7c-45d2-8c05-11e305776f1f",
"https://nvd.nist.gov/vuln/detail/CVE-2025-6921",
"https://www.cve.org/CVERecord?id=CVE-2025-6921"
],
"PublishedDate": "2025-09-23T14:15:41.387Z",
"LastModifiedDate": "2025-10-10T21:31:30.23Z"
},
{
"VulnerabilityID": "CVE-2026-1839",
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.47.1"
},
"InstalledVersion": "4.47.1",
"FixedVersion": "5.0.0rc3",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-1839",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "transformers: HuggingFace Transformers: Arbitrary code execution via malicious checkpoint file",
"Description": "A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at line 3059 calls `torch.load()` without the `weights_only=True` parameter. This issue affects all versions of the library supporting `torch>=2.2` when used with PyTorch versions below 2.6, as the `safe_globals()` context manager provides no protection in these versions. An attacker can exploit this vulnerability by supplying a malicious checkpoint file, such as `rng_state.pth`, which can execute arbitrary code when loaded. The issue is resolved in version v5.0.0rc3.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-502"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H",
"V3Score": 6.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 6.7
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-1839",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/03c8082ba4594c9b8d6fe190ca9bed0e5f8ca396",
"https://github.com/huggingface/transformers/releases/tag/v5.0.0rc3",
"https://huntr.com/bounties/3c77bb97-e493-493d-9a88-c57f5c536485",
"https://nvd.nist.gov/vuln/detail/CVE-2026-1839",
"https://www.cve.org/CVERecord?id=CVE-2026-1839"
],
"PublishedDate": "2026-04-07T06:16:41.49Z",
"LastModifiedDate": "2026-04-07T14:16:18.903Z"
}
]
},
{
"Target": "requirements.txt",
"Class": "lang-pkgs",
"Type": "pip",
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2024-5629",
"PkgName": "pymongo",
"PkgIdentifier": {
"PURL": "pkg:pypi/pymongo@4.3.3"
},
"InstalledVersion": "4.3.3",
"FixedVersion": "4.6.3",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-5629",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "python-pymongo: Out-of-bounds read in bson module",
"Description": "An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-125"
],
"VendorSeverity": {
"alma": 1,
"amazon": 2,
"ghsa": 2,
"nvd": 3,
"oracle-oval": 1,
"redhat": 1,
"rocky": 1,
"ubuntu": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:L",
"V3Score": 4.7
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"V3Score": 8.1
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:L",
"V3Score": 4.7
}
},
"References": [
"https://access.redhat.com/errata/RHSA-2025:8419",
"https://access.redhat.com/security/cve/CVE-2024-5629",
"https://bugzilla.redhat.com/2290585",
"https://bugzilla.redhat.com/show_bug.cgi?id=2290585",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5629",
"https://errata.almalinux.org/8/ALSA-2025-8419.html",
"https://errata.rockylinux.org/RLSA-2025:8419",
"https://gist.github.com/keltecc/62a7c2bf74a997d0a7b48a0ff3853a03",
"https://github.com/mongodb/mongo-python-driver",
"https://github.com/mongodb/mongo-python-driver/commit/56b6b6dbc267d365d97c037082369dabf37405d2",
"https://jira.mongodb.org/browse/PYTHON-4305",
"https://linux.oracle.com/cve/CVE-2024-5629.html",
"https://linux.oracle.com/errata/ELSA-2025-8419.html",
"https://lists.debian.org/debian-lts-announce/2024/06/msg00007.html",
"https://lists.debian.org/debian-lts-announce/2024/09/msg00032.html",
"https://nvd.nist.gov/vuln/detail/CVE-2024-5629",
"https://security.snyk.io/vuln/SNYK-PYTHON-PYMONGO-6370597",
"https://ubuntu.com/security/notices/USN-6904-1",
"https://www.cve.org/CVERecord?id=CVE-2024-5629"
],
"PublishedDate": "2024-06-05T15:15:12.737Z",
"LastModifiedDate": "2024-11-21T09:48:02.86Z"
},
{
"VulnerabilityID": "CVE-2026-25645",
"PkgName": "requests",
"PkgIdentifier": {
"PURL": "pkg:pypi/requests@2.32.5"
},
"InstalledVersion": "2.32.5",
"FixedVersion": "2.33.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25645",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "requests: Requests: Security bypass due to predictable temporary file creation",
"Description": "Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could pre-create a malicious file that would be loaded in place of the legitimate one. Standard usage of the Requests library is not affected by this vulnerability. Only applications that call `extract_zipped_paths()` directly are impacted. Starting in version 2.33.0, the library extracts files to a non-deterministic location. If developers are unable to upgrade, they can set `TMPDIR` in their environment to a directory with restricted write access.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-377"
],
"VendorSeverity": {
"azure": 2,
"ghsa": 2,
"nvd": 2,
"photon": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"V3Score": 4.4
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"V3Score": 4.7
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-25645",
"https://github.com/psf/requests",
"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7",
"https://github.com/psf/requests/releases/tag/v2.33.0",
"https://github.com/psf/requests/security/advisories/GHSA-gc5v-m9x4-r6x2",
"https://nvd.nist.gov/vuln/detail/CVE-2026-25645",
"https://www.cve.org/CVERecord?id=CVE-2026-25645"
],
"PublishedDate": "2026-03-25T17:16:52.97Z",
"LastModifiedDate": "2026-03-30T14:23:16.127Z"
},
{
"VulnerabilityID": "CVE-2026-33682",
"PkgName": "streamlit",
"PkgIdentifier": {
"PURL": "pkg:pypi/streamlit@1.41.1"
},
"InstalledVersion": "1.41.1",
"FixedVersion": "1.54.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33682",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "Unauthenticated SSRF Vulnerability in Streamlit on Windows (NTLM Credential Exposure)",
"Description": "Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of attacker-supplied filesystem paths. In certain code paths, including within the `ComponentRequestHandler`, filesystem paths are resolved using `os.path.realpath()` or `Path.resolve()` before sufficient validation occurs. On Windows systems, supplying a malicious UNC path (e.g., `\\\\attacker-controlled-host\\share`) can cause the Streamlit server to initiate outbound SMB connections over port 445. When Windows attempts to authenticate to the remote SMB server, NTLMv2 challenge-response credentials of the Windows user running the Streamlit process may be transmitted. This behavior may allow an attacker to perform NTLM relay attacks against other internal services and/or identify internally reachable SMB hosts via timing analysis. The vulnerability has been fixed in Streamlit Open Source version 1.54.0.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-918"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"V3Score": 4.7
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"V3Score": 4.8
}
},
"References": [
"https://github.com/streamlit/streamlit",
"https://github.com/streamlit/streamlit/commit/23692ca70b2f2ac720c72d1feb4f190c9d6eed76",
"https://github.com/streamlit/streamlit/releases/tag/1.54.0",
"https://github.com/streamlit/streamlit/security/advisories/GHSA-7p48-42j8-8846",
"https://nvd.nist.gov/vuln/detail/CVE-2026-33682"
],
"PublishedDate": "2026-03-26T22:16:30.88Z",
"LastModifiedDate": "2026-04-01T13:28:47.47Z"
},
{
"VulnerabilityID": "CVE-2025-32434",
"PkgName": "torch",
"PkgIdentifier": {
"PURL": "pkg:pypi/torch@2.5.1"
},
"InstalledVersion": "2.5.1",
"FixedVersion": "2.6.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-32434",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "PyTorch is a Python package that provides tensor computation with stro ...",
"Description": "PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load, even with weights_only=True. This issue has been patched in version 2.6.0.",
"Severity": "CRITICAL",
"CweIDs": [
"CWE-502"
],
"VendorSeverity": {
"azure": 4,
"bitnami": 4,
"cbl-mariner": 4,
"ghsa": 4,
"nvd": 4
},
"CVSS": {
"bitnami": {},
"ghsa": {},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"V3Score": 9.8
}
},
"References": [
"https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-41.yaml",
"https://github.com/pytorch/pytorch",
"https://github.com/pytorch/pytorch/commit/8d4b8a920a2172523deb95bf20e8e52d50649c04",
"https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6",
"https://lists.debian.org/debian-lts-announce/2025/12/msg00000.html",
"https://nvd.nist.gov/vuln/detail/CVE-2025-32434"
],
"PublishedDate": "2025-04-18T16:15:23.183Z",
"LastModifiedDate": "2025-12-01T07:16:01.807Z"
},
{
"VulnerabilityID": "CVE-2025-3730",
"PkgName": "torch",
"PkgIdentifier": {
"PURL": "pkg:pypi/torch@2.5.1"
},
"InstalledVersion": "2.5.1",
"FixedVersion": "2.8.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3730",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "A vulnerability, which was classified as problematic, was found in PyT ...",
"Description": "A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue. The security policy of the project warns against using unknown models, which might have malicious effects.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-404"
],
"VendorSeverity": {
"azure": 2,
"bitnami": 2,
"cbl-mariner": 2,
"ghsa": 2,
"nvd": 2
},
"CVSS": {
"bitnami": {},
"ghsa": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 3.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
}
},
"References": [
"https://github.com/pytorch/pytorch",
"https://github.com/pytorch/pytorch/commit/01f226bfb8f2c343f5c614a6bbf685d91160f3af",
"https://github.com/pytorch/pytorch/issues/150835",
"https://github.com/pytorch/pytorch/issues/150835#issue-2979082232",
"https://github.com/pytorch/pytorch/pull/150981",
"https://github.com/timocafe/tewart-pytorch/commit/46fc5d8e360127361211cb237d5f9eef0223e567",
"https://nvd.nist.gov/vuln/detail/CVE-2025-3730",
"https://vuldb.com/?ctiid.305076",
"https://vuldb.com/?id.305076",
"https://vuldb.com/?submit.553645"
],
"PublishedDate": "2025-04-16T21:15:48.7Z",
"LastModifiedDate": "2025-05-28T17:35:54.08Z"
},
{
"VulnerabilityID": "CVE-2025-1194",
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.48.0"
},
"InstalledVersion": "4.48.0",
"FixedVersion": "4.50.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1194",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "Transformers Regular Expression Denial of Service (ReDoS) vulnerability",
"Description": "A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file `tokenization_gpt_neox_japanese.py` of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions process specially crafted inputs. The issue stems from a regex exhibiting exponential complexity under certain conditions, leading to excessive backtracking. This can result in high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.48.1 (latest).",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"V3Score": 4.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"V3Score": 6.5
}
},
"References": [
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/92c5ca9dd70de3ade2af2eb835c96215cc50e815",
"https://huntr.com/bounties/86f58dcd-683f-4adc-a735-849f51e9abb2",
"https://nvd.nist.gov/vuln/detail/CVE-2025-1194"
],
"PublishedDate": "2025-04-29T12:15:31.717Z",
"LastModifiedDate": "2025-08-01T21:56:15.79Z"
},
{
"VulnerabilityID": "CVE-2025-2099",
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.48.0"
},
"InstalledVersion": "4.48.0",
"FixedVersion": "4.50.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-2099",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers",
"Description": "A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large number of newline characters. An attacker can exploit this by providing a specially crafted payload, causing high CPU usage and potential application downtime, effectively resulting in a Denial of Service (DoS) scenario.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 3,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-2099",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/8cb522b4190bd556ce51be04942720650b1a3e57",
"https://github.com/huggingface/transformers/pull/36648",
"https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2025-40.yaml",
"https://huntr.com/bounties/97b780f3-ffca-424f-ad5d-0e1c57a5bde4",
"https://nvd.nist.gov/vuln/detail/CVE-2025-2099",
"https://www.cve.org/CVERecord?id=CVE-2025-2099"
],
"PublishedDate": "2025-05-19T12:15:19.64Z",
"LastModifiedDate": "2025-05-21T17:43:15.08Z"
},
{
"VulnerabilityID": "CVE-2025-3263",
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.48.0"
},
"InstalledVersion": "4.48.0",
"FixedVersion": "4.51.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3263",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers",
"Description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_configuration_file()` function within the `transformers.configuration_utils` module. The affected version is 4.49.0, and the issue is resolved in version 4.51.0. The vulnerability arises from the use of a regular expression pattern `config\\.(.*)\\.json` that can be exploited to cause excessive CPU consumption through crafted input strings, leading to catastrophic backtracking. This can result in model serving disruption, resource exhaustion, and increased latency in applications using the library.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-3263",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/0720e206c6ba28887e4d60ef60a6a089f6c1cc76",
"https://github.com/huggingface/transformers/commit/126abe3461762e5fc180e7e614391d1b4ab051ca",
"https://huntr.com/bounties/c7a69150-54f8-4e81-8094-791e7a2a0f29",
"https://nvd.nist.gov/vuln/detail/CVE-2025-3263",
"https://www.cve.org/CVERecord?id=CVE-2025-3263"
],
"PublishedDate": "2025-07-07T10:15:27.35Z",
"LastModifiedDate": "2025-08-07T01:03:17.99Z"
},
{
"VulnerabilityID": "CVE-2025-3264",
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.48.0"
},
"InstalledVersion": "4.48.0",
"FixedVersion": "4.51.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3264",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers",
"Description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_imports()` function within `dynamic_module_utils.py`. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular expression pattern `\\s*try\\s*:.*?except.*?:` used to filter out try/except blocks from Python code, which can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. This vulnerability can lead to remote code loading disruption, resource exhaustion in model serving, supply chain attack vectors, and development pipeline disruption.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-3264",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/0720e206c6ba28887e4d60ef60a6a089f6c1cc76",
"https://github.com/huggingface/transformers/commit/126abe3461762e5fc180e7e614391d1b4ab051ca",
"https://huntr.com/bounties/3c6f7822-9992-476d-8cf0-b0b1623427df",
"https://nvd.nist.gov/vuln/detail/CVE-2025-3264",
"https://www.cve.org/CVERecord?id=CVE-2025-3264"
],
"PublishedDate": "2025-07-07T10:15:27.5Z",
"LastModifiedDate": "2025-08-07T01:02:30.7Z"
},
{
"VulnerabilityID": "CVE-2025-3933",
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.48.0"
},
"InstalledVersion": "4.48.0",
"FixedVersion": "4.52.1",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3933",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers",
"Description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's `token2json()` method. This vulnerability affects versions 4.50.3 and earlier, and is fixed in version 4.52.1. The issue arises from the regex pattern `<s_(.*?)>` which can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. This vulnerability can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting document processing tasks using the Donut model.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-3933",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/ebbe9b12dd75b69f92100d684c47f923ee262a93",
"https://github.com/huggingface/transformers/pull/37788",
"https://huntr.com/bounties/25282953-5827-4384-bb6f-5790d275721b",
"https://nvd.nist.gov/vuln/detail/CVE-2025-3933",
"https://www.cve.org/CVERecord?id=CVE-2025-3933"
],
"PublishedDate": "2025-07-11T10:15:22.293Z",
"LastModifiedDate": "2025-08-07T01:01:46.78Z"
},
{
"VulnerabilityID": "CVE-2025-5197",
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.48.0"
},
"InstalledVersion": "4.48.0",
"FixedVersion": "4.53.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5197",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "transformers: Transformers ReDoS Vulnerability",
"Description": "A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern `/[^/]*___([^/]*)/` that can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. The vulnerability affects versions up to 4.51.3 and is fixed in version 4.53.0. This issue can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting model conversion processes between TensorFlow and PyTorch formats.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-5197",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/701caef704e356dc2f9331cc3fd5df0eccb4720a",
"https://github.com/huggingface/transformers/commit/944b56000be5e9b61af8301aa340838770ad8a0b",
"https://huntr.com/bounties/3f8b3fd0-166b-46e7-b60f-60dd9d2678bf",
"https://nvd.nist.gov/vuln/detail/CVE-2025-5197",
"https://www.cve.org/CVERecord?id=CVE-2025-5197"
],
"PublishedDate": "2025-08-06T12:15:26.837Z",
"LastModifiedDate": "2025-10-21T16:46:13.38Z"
},
{
"VulnerabilityID": "CVE-2025-6051",
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.48.0"
},
"InstalledVersion": "4.48.0",
"FixedVersion": "4.53.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-6051",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers",
"Description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the `normalize_numbers()` method of the `EnglishNormalizer` class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises from the method's handling of numeric strings, which can be exploited using crafted input strings containing long sequences of digits, leading to excessive CPU consumption. This vulnerability impacts text-to-speech and number normalization tasks, potentially causing service disruption, resource exhaustion, and API vulnerabilities.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-6051",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/54a02160eb030da9be18231c77791f2eb3a52216",
"https://github.com/huggingface/transformers/commit/ba8eaba9865618253f997784aa565b96206426f0",
"https://github.com/huggingface/transformers/pull/38844",
"https://huntr.com/bounties/af929523-7b59-418a-bf55-301830b2ac9d",
"https://nvd.nist.gov/vuln/detail/CVE-2025-6051",
"https://www.cve.org/CVERecord?id=CVE-2025-6051"
],
"PublishedDate": "2025-09-14T17:15:34.21Z",
"LastModifiedDate": "2025-10-21T14:16:24.77Z"
},
{
"VulnerabilityID": "CVE-2025-6638",
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.48.0"
},
"InstalledVersion": "4.48.0",
"FixedVersion": "4.53.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-6638",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers",
"Description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's `remove_language_code()` method. This vulnerability is present in version 4.52.4 and has been fixed in version 4.53.0. The issue arises from inefficient regex processing, which can be exploited by crafted input strings containing malformed language code patterns, leading to excessive CPU consumption and potential denial of service.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 3,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-6638",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/47c34fba5c303576560cb29767efb452ff12b8be",
"https://github.com/huggingface/transformers/commit/d37f7517972f67e3f2194c000ed0f87f064e5099",
"https://huntr.com/bounties/6a6c933f-9ce8-4ded-8b3b-2c1444c61f36",
"https://nvd.nist.gov/vuln/detail/CVE-2025-6638",
"https://www.cve.org/CVERecord?id=CVE-2025-6638"
],
"PublishedDate": "2025-09-12T11:15:31.77Z",
"LastModifiedDate": "2025-10-21T13:33:08.58Z"
},
{
"VulnerabilityID": "CVE-2025-6921",
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.48.0"
},
"InstalledVersion": "4.48.0",
"FixedVersion": "4.53.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-6921",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "transformers: Regular Expression Denial of Service (ReDoS) in huggingface/transformers",
"Description": "The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer. The vulnerability arises from the _do_use_weight_decay method, which processes user-controlled regular expressions in the include_in_weight_decay and exclude_from_weight_decay lists. Malicious regular expressions can cause catastrophic backtracking during the re.search call, leading to 100% CPU utilization and a denial of service. This issue can be exploited by attackers who can control the patterns in these lists, potentially causing the machine learning task to hang and rendering services unresponsive.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-400"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 3,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-6921",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/47c34fba5c303576560cb29767efb452ff12b8be",
"https://github.com/huggingface/transformers/commit/d37f7517972f67e3f2194c000ed0f87f064e5099",
"https://huntr.com/bounties/287d15a7-6e7c-45d2-8c05-11e305776f1f",
"https://nvd.nist.gov/vuln/detail/CVE-2025-6921",
"https://www.cve.org/CVERecord?id=CVE-2025-6921"
],
"PublishedDate": "2025-09-23T14:15:41.387Z",
"LastModifiedDate": "2025-10-10T21:31:30.23Z"
},
{
"VulnerabilityID": "CVE-2026-1839",
"PkgName": "transformers",
"PkgIdentifier": {
"PURL": "pkg:pypi/transformers@4.48.0"
},
"InstalledVersion": "4.48.0",
"FixedVersion": "5.0.0rc3",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-1839",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "transformers: HuggingFace Transformers: Arbitrary code execution via malicious checkpoint file",
"Description": "A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at line 3059 calls `torch.load()` without the `weights_only=True` parameter. This issue affects all versions of the library supporting `torch>=2.2` when used with PyTorch versions below 2.6, as the `safe_globals()` context manager provides no protection in these versions. An attacker can exploit this vulnerability by supplying a malicious checkpoint file, such as `rng_state.pth`, which can execute arbitrary code when loaded. The issue is resolved in version v5.0.0rc3.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-502"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H",
"V3Score": 6.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 6.7
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-1839",
"https://github.com/huggingface/transformers",
"https://github.com/huggingface/transformers/commit/03c8082ba4594c9b8d6fe190ca9bed0e5f8ca396",
"https://github.com/huggingface/transformers/releases/tag/v5.0.0rc3",
"https://huntr.com/bounties/3c77bb97-e493-493d-9a88-c57f5c536485",
"https://nvd.nist.gov/vuln/detail/CVE-2026-1839",
"https://www.cve.org/CVERecord?id=CVE-2026-1839"
],
"PublishedDate": "2026-04-07T06:16:41.49Z",
"LastModifiedDate": "2026-04-07T14:16:18.903Z"
}
]
},
{
"Target": "Dockerfile",
"Class": "config",
"Type": "dockerfile",
"MisconfSummary": {
"Successes": 23,
"Failures": 1,
"Exceptions": 0
},
"Misconfigurations": [
{
"Type": "Dockerfile Security Check",
"ID": "DS002",
"AVDID": "AVD-DS-0002",
"Title": "Image user should not be 'root'",
"Description": "Running containers as the 'root' user can lead to a container escape. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.",
"Message": "Specify at least one USER command in the Dockerfile with a non-root user as its argument",
"Namespace": "builtin.dockerfile.DS002",
"Query": "data.builtin.dockerfile.DS002.deny",
"Resolution": "Add 'USER <non root user name>' line to the Dockerfile",
"Severity": "HIGH",
"PrimaryURL": "https://avd.aquasec.com/misconfig/ds002",
"References": [
"https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
"https://avd.aquasec.com/misconfig/ds002"
],
"Status": "FAIL",
"Layer": {},
"CauseMetadata": {
"Provider": "Dockerfile",
"Service": "general",
"Code": {
"Lines": null
}
}
}
]
}
]
}