facebookresearch / fairseq
Project repository
Facebook AI Research Sequence-to-Sequence Toolkit written in Python.
FIRST INTERACTION WITHIN: N/A DAYS
REVIEW WITHIN: 9 DAYS
FIX WITHIN: N/A DAYS

| Report | Date | Reporter | Status | Severity |
| --- | --- | --- | --- | --- |
| Remote code execution via unsafe pickle.loads() in distributed training all_gath... | Apr 12th 2026 | snakeyworm | duplicate | None |
| RCE via torch.load(weights_only=False) and Arbitrary Module Import in facebookre... | Apr 11th 2026 | sucloudflare | duplicate | High |
| Command injection via unsanitized CLI arguments interpolated into subprocess she... | Apr 8th 2026 | elliottower | self closed | |
| Arbitrary code execution via unsafe torch.load(weights_only=False) and unprotect... | Mar 29th 2026 | pulkit7070 | duplicate | High |
| Arbitrary Code Execution via unsafe deserialization in checkpoint loading (torch... | Mar 29th 2026 | romain-deperne | duplicate | High |
| RCE via torch.load(weights_only=False) + pickle.loads() in checkpoints and distr... | Mar 29th 2026 | nhomyk | duplicate | Critical |
| Unsafe torch.load() Across 4 fairseq Modules Enables RCE via Malicious Checkpoin... | Apr 12th 2026 | odysseypro25-project | duplicate | Critical |
| Explicit weights_only=False in load_checkpoint_to_cpu() enables RCE via Remote C... | Apr 12th 2026 | theoddesseyp-ai | duplicate | High |
| Arbitrary Code Execution via pickle.loads() on Untrusted Distributed Training Da... | Apr 12th 2026 | theoddesseyp-ai | duplicate | High |
| SSRF via cached_path() downloading from user-controlled URLs in BPE/tokenizer co... | Mar 16th 2026 | elucidator-hky | self closed | |
| Arbitrary code execution via unsafe torch.load(weights_only=False) in fairseq ch... | Mar 16th 2026 | elucidator-hky | self closed | |
| Path traversal via tarfile.extractall() on archives downloaded from URLs in load... | Feb 28th 2026 | avienma007 | duplicate | Critical |
| Arbitrary Code Execution via eval() in Manifest File Parsing (5 instances) | Feb 27th 2026 | jeremysommerfeld8910-cpu | self closed | |
| Arbitrary File Write (Zip Slip) in `fairseq.hub_utils.from_pretrained` via `file... | Feb 28th 2026 | zitoxxx | duplicate | High |
| Arbitrary Code Execution via eval() on Untrusted Manifest Data File Content in p... | May 10th 2026 | phenggeler | pending | |
| Additional RCE via Unsafe eval() in fairseq Core Library (28 Occurrences, 14 Fil... | May 10th 2026 | responsiblereport10 | pending | |
| Command Injection via subprocess shell=True | May 9th 2026 | responsiblereport10 | pending | |
| Arbitrary Code Execution via Unsafe PyTorch Model Deserialization | May 9th 2026 | responsiblereport10 | duplicate | High |
| Arbitrary Code Execution via Unsafe PyTorch Model Deserialization | May 8th 2026 | responsiblereport10 | duplicate | High |
| Unrestricted URL fetching in `cached_path` enables SSRF-style network access and... | Apr 11th 2026 | f00dat | pending | |
| Unsafe PyTorch checkpoint deserialization via `torch.load(..., weights_only=Fals... | Apr 11th 2026 | f00dat | duplicate | Critical |
| Unsafe tar extraction allows path traversal and arbitrary file write | Jan 11th 2026 | f00dat | duplicate | Critical |
| Arbitrary Code Execution via Insecure Model Loading in Fairseq | Mar 8th 2026 | aydinnyunus | duplicate | High |
| Remote Code Execution in facebookresearch/fairseq via Unsafe Model Deserializati... | Mar 5th 2026 | jonnylitten | pending | |
| Remote Code Execution (RCE) via Unsafe eval() on CLI Argument in Fairseq Scripts | Sep 18th 2025 | imshagufta | pending | |
| Arbitrary Code Execution Leading to Arbitrary File Read via Fairseq's `--user-di... | Sep 17th 2025 | theneelofficial | pending | |
| Arbitrary File Write via Path Traversal | Sep 17th 2025 | theneelofficial | pending | |
| Path Traversal | Aug 29th 2025 | sahiloj | pending | |
| Remote Code Execution by Pickle Deserialization via distributed.utils.all_gather... | Jun 27th 2025 | chenpinji | pending | |
| Arbitrary File Overwrite in from_pretrained api | May 14th 2024 | sunrisexu | duplicate | High |
| Code Injection via the _build_index() Function in the FastaDataset Class | Apr 8th 2024 | williwollo | informative | Critical |
| Arbitrary File Write via Path Traversal | May 14th 2024 | williwollo | informative | High |
| Arbitrary file write during tarfile extraction at file_utils | Feb 16th 2024 | rook1337 | informative | Critical |


CRITICAL: $1500
HIGH: $750
MEDIUM: $125
LOW: $20