repository icon
huggingface / transformers Project repository

🤗 Transformers: State-of-the-art Machine Learning for Pytorch, TensorFlow, and JAX.

Submit a report

FIRST INTERACTION

WITHIN9 DAYS

REVIEW

WITHIN9 DAYS

FIX

WITHINN/A DAYS

Insecure Pickle Deserialization in Trax Model Loading Allows Remote Code Executi...
pratikbarahatte87
duplicate
Critical
Tar slip in parakeet and nemotron .nemo conversion utilities
goldberg8
self closed
Missing GGUF tokenizer merges cause CPU amplification during tokenizer loading i...
76embiid21
self closed
SSRF via Unvalidated URLs in transformers-cli serve Inference Endpoints (image_u...
jd-admrl-ai
self closed
Conversion-time torch.load in convert_csm.py and convert_janus_weights_to_hf.py...
mirr2
informative
High
Incomplete Path Traversal Validation in `_local_folder.py` — `..` Check Only Enf...
penguinmiaou
informative
Critical
Unsafe torch.load() Without weights_only=True in 27 Converter Scripts — Arbitrar...
willardjansen
informative
High
RCE via torch.load without weights_only in .ckpt conversion utilities — bypasses...
snakeyworm
duplicate
High
Unauthenticated RCE via arbitrary model loading in serving API — trust_remote_co...
snakeyworm
duplicate
Critical
SSRF via unvalidated image/video/audio URL fetching in transformers serving API...
snakeyworm
duplicate
High
Remote Code Execution (RCE) via Insecure torch.load in multiple model conversion...
mr-jeneral
duplicate
High
Arbitrary File Overwrite (ZipSlip / TarSlip) via Path Traversal in Model Convers...
finddabugs
duplicate
High
Unauthenticated RCE via POST /load_model when trust-remote-code is enabled (tran...
fg0x0
duplicate
Critical
Unauthenticated SSRF via image_url in POST /v1/chat/completions ( transformers s...
fg0x0
duplicate
High
Unauthenticated RCE via arbitrary model loading in serving API — trust_remote_co...
wormysnake
duplicate
Critical
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N = 8.6 High
wormysnake
duplicate
High
Test: RCE in parakeet YAML FullLoader
radikhoroshev
self closed
SSRF via unvalidated image URL in transformers serve CLI (/v1/chat/completions)
minicoai
self closed
SSRF via follow_redirects in load_image() reachable from transformers-cli serve
dolevmiz1
duplicate
Critical
Jailbreak and Automated OS-Level Exploit Generation in Qwen3-8B via Persona-Indu...
s05161497-sudo
informative
Critical
TOCTOU in Remote Code Loading
zafido
informative
High
Server-Side Template Injection via Untrusted chat_template in apply_chat_templat...
rohanmulay1
informative
Critical
Arbitrary Code Execution via Unsafe torch.load() in Multiple Conversion Scripts
0xbassia
informative
High
Arbitrary Code Execution via torch.load(weights_only=False) in Conversion Script...
seory0
informative
High
Critical Scanner Bypass in PickleScan via Unblocked importlib, vars, and operato...
starrohan-dotcom
informative
Critical
SSRF via Unvalidated Image URL in transformers serve Chat Completion Endpoint
nhomyk
duplicate
High
Unsafe torch.load() Deserialization in Newest Model Converters (edgetam_video, m...
nhomyk
informative
High
Systemic RCE via Insecure torch.load in Transformers Model Conversion Utilities
ccwlester26
informative
Critical
SSRF via unvalidated HTTP redirects in httpx.get() across 10 sinks (load_image,...
gengyscan
duplicate
High
Arbitrary Code Execution via `eval()` in SEW checkpoint conversion script
buttergolemcode
informative
High
Unsafe torch.load() in 8 HuggingFace Transformers Convert Scripts Enables RCE vi...
odysseypro25-project
duplicate
High
Unsafe torch.load() in 3 HuggingFace Transformers Convert Scripts Enables RCE vi...
odysseypro25-project
informative
High
Unsafe torch.load() Across 8 Convert Scripts in HuggingFace Transformers Enables...
odysseypro25-project
self closed
RCE via torch.load() without weights_only=True in convert_dia/eomt/janus scripts...
theoddesseyp-ai
informative
High
Pickle RCE in convert_maskformer_resnet_to_pytorch.py — pickle.load() on User-Su...
theoddesseyp-ai
informative
High
Pickle RCE in convert_maskformer_swin_to_pytorch.py — pickle.load() on User-Supp...
theoddesseyp-ai
informative
High
convert_csm.py and convert_higgs_audio_v2_tokenizer_to_hf.py Use cached_file() t...
theoddesseyp-ai
informative
High
Transformers convert_dia_to_hf.py, convert_janus_weights_to_hf.py, convert_eomt_...
theoddesseyp-ai
informative
High
Transformers convert_csm.py and convert_higgs_audio_v2_tokenizer_to_hf.py use ca...
theoddesseyp-ai
informative
High
Arbitrary Code Execution via Explicit torch.load(weights_only=False) in GLM4V an...
theoddesseyp-ai
informative
High
Arbitrary Code Execution via torch.load() Without weights_only in SAM2 and EdgeT...
theoddesseyp-ai
duplicate
High
Arbitrary Code Execution via torch.load(weights_only=False) in Multiple convert_...
theoddesseyp-ai
duplicate
High
Pickle RCE in convert_maskformer_resnet_to_pytorch.py via --checkpoint_path
theoddesseyp-ai
informative
High
Arbitrary File Write via Tar Path Traversal in NeMo Model Conversion Scripts
0xbassia
duplicate
High
Unsafe torch.load without weights_only=True in 100+ conversion scripts enables R...
narrator3333-hash
duplicate
High
Unsafe torch.load() without weights_only=True in 20+ Model Conversion Scripts (A...
elucidator-hky
self closed
SSRF via unvalidated image URL in cli/serve.py chat completions endpoint
elucidator-hky
duplicate
High
Arbitrary code execution via eval() on model config data in Hubert, SEW, and SEW...
elucidator-hky
self closed
Remote Code Execution via unsafe torch.load() without weights_only=True in multi...
elucidator-hky
self closed
Path Traversal via tarfile.extractall() in parakeet convert_nemo_to_hf.py allows...
elucidator-hky
self closed
Arbitrary Code Execution via Unsafe torch.load() in 27+ Model Converter Scripts
appsecguardian-hash
informative
High