Bounties
Partners
Community
Info
huggingface / tokenizers
Project repository
💥 Fast State-of-the-Art Tokenizers optimized for Research and Production
Submit a report
FIRST INTERACTION
WITHIN
N/A DAYS
REVIEW
WITHIN
52 DAYS
FIX
WITHIN
N/A DAYS
Denial of Service via Rust Panic in Precompiled Normalizer — .expect() crashes p...
Mar 22nd 2026
mscgo
•
self closed
Denial of Service via Long Added Token in Tokenizer Configuration
Mar 17th 2026
w0termelon
•
duplicate
None
OS Command Injection in HuggingFace Tokenizers Python Bindings
Feb 22nd 2026
aybanda
•
self closed
Denial of Service (DoS) via Excessive Memory Consumption with Long Text Input
Mar 14th 2026
stevenjulian1528
•
pending
Out-of-Bounds Access in NormalizedString::transform_range Leading to Memory Safe...
Feb 16th 2026
hyperps1
•
pending
Insecure deserialization and arbitrary file creation leading to memory exhaustio...
Jan 19th 2026
sonw-vh
•
informative
Critical
Critical Panic-based Denial of Service via Serialization Double Unwrap Pattern
Jan 19th 2026
gokul-labb
•
informative
Critical
Path Traversal vulnerability on Unigram Model
Aug 20th 2024
h3c-t0r
•
informative
High
SSRF in extractor.py
Jul 9th 2024
hohky
•
informative
High
Path Traversal in extractor.py
Jul 17th 2024
hohky
•
informative
Medium
CRITICAL
$1500
HIGH
$750
MEDIUM
$125
LOW
$20
