Bounties
Partners
Community
Info
facebookresearch / fairseq
Project repository
Facebook AI Research Sequence-to-Sequence Toolkit written in Python.
Submit a report
FIRST INTERACTION
WITHIN
N/A DAYS
REVIEW
WITHIN
8 DAYS
FIX
WITHIN
N/A DAYS
Arbitrary code execution via unsafe torch.load(weights_only=False) and unprotect...
Mar 29th 2026
pulkit7070
•
duplicate
High
Arbitrary Code Execution via unsafe deserialization in checkpoint loading (torch...
Mar 29th 2026
romain-deperne
•
duplicate
High
RCE via torch.load(weights_only=False) + pickle.loads() in checkpoints and distr...
Mar 29th 2026
nhomyk
•
duplicate
Critical
SSRF via cached_path() downloading from user-controlled URLs in BPE/tokenizer co...
Mar 16th 2026
elucidator-hky
•
self closed
Arbitrary code execution via unsafe torch.load(weights_only=False) in fairseq ch...
Mar 16th 2026
elucidator-hky
•
self closed
Path traversal via tarfile.extractall() on archives downloaded from URLs in load...
Feb 28th 2026
avienma007
•
duplicate
Critical
Arbitrary Code Execution via eval() in Manifest File Parsing (5 instances)
Feb 27th 2026
jeremysommerfeld8910-cpu
•
self closed
Arbitrary File Write (Zip Slip) in `fairseq.hub_utils.from_pretrained` via `file...
Feb 28th 2026
zitoxxx
•
duplicate
High
Unsafe tar extraction allows path traversal and arbitrary file write
Jan 11th 2026
f00dat
•
duplicate
Critical
Arbitrary Code Execution via Insecure Model Loading in Fairseq
Mar 8th 2026
aydinnyunus
•
duplicate
High
Remote Code Execution in facebookresearch/fairseq via Unsafe Model Deserializati...
Mar 5th 2026
jonnylitten
•
pending
Remote Code Execution (RCE) via Unsafe eval() on CLI Argument in Fairseq Scripts
Sep 18th 2025
imshagufta
•
pending
Arbitrary Code Execution Leading to Arbitrary File Read via Fairseq's `--user-di...
Sep 17th 2025
theneelofficial
•
pending
Arbitrary File Write via Path Traversal
Sep 17th 2025
theneelofficial
•
pending
Path Traversal
Aug 29th 2025
sahiloj
•
pending
Remote Code Execution by Pickle Deserialization via distributed.utils.all_gather...
Jun 27th 2025
chenpinji
•
pending
Arbitrary File Overwrite in from_pretrained api
May 14th 2024
sunrisexu
•
duplicate
High
Code Injection via the _build_index() Function in the FastaDataset Class
Apr 8th 2024
williwollo
•
informative
Critical
Arbitrary File Write via Path Traversal
May 14th 2024
williwollo
•
informative
High
Arbitrary file write during tarfile extraction at file_utils
Feb 16th 2024
rook1337
•
informative
Critical
CRITICAL
$1500
HIGH
$750
MEDIUM
$125
LOW
$20
