huggingface / transformers
Project repository
🤗 Transformers: State-of-the-art Machine Learning for Pytorch, TensorFlow, and JAX.
FIRST INTERACTION WITHIN N/A DAYS
REVIEW WITHIN 46 DAYS
FIX WITHIN 88 DAYS
Path Traversal (Tarslip) in Hugging Face Transformers
Jan 9th 2026
locus-x64
•
duplicate
High
Arbitrary Code Execution via Unsafe Deserialization in convert_nanochat_checkpoi...
Jan 9th 2026
daddyjamwal
•
duplicate
High
Arbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading
Jan 7th 2026
colemurray
•
duplicate
High
Critical Remote Code Execution via Insecure Pickle Deserialization in HuggingFac...
Jan 6th 2026
abdallaabdalrhman
•
duplicate
Critical
Arbitrary Code Execution via Pickle Deserialization in TextDataset
Dec 25th 2025
vitalysim
•
duplicate
High
Arbitrary Code Execution via `eval()` in SEW-D Checkpoint Converter
Dec 23rd 2025
vitalysim
•
duplicate
High
Insecure Deserialization in RAG module's LegacyIndex allows Arbitrary Code Exe...
Jan 6th 2026
stevenjulian1528
•
duplicate
High
ZDI-CAN-28309: Hugging Face Transformers GLM4 Deserialization of Untrusted Data...
Dec 10th 2025
zdi-disclosures
•
duplicate
High
Remote Code Execution in Nanochat Converter via Unsafe Tokenizer Deserialization
Dec 8th 2025
jonnylitten
•
informative
High
Remote Code Execution via eval() in Fairseq Checkpoint Conversion Scripts
Nov 26th 2025
daridor9
•
duplicate
High
Exposed Hugging Face Hub Staging Token in Test Utilities
Nov 28th 2025
gyde04
•
informative
High
Exposed Hugging Face Hub Token in CircleCI Configuration
Nov 28th 2025
gyde04
•
informative
Critical
Arbitrary Directory Deletion via Symlink Attack in Transformers setup.py
Nov 17th 2025
manasharsh
•
informative
High
Remote Code Execution via unsafe torch.load() in LLaMA Weights Converter
Dec 8th 2025
daridor9
•
duplicate
High
Memory DoS in Doge Model MoE Layer
Nov 13th 2025
0xmrniko
•
informative
High
Downmix Implementation as Attack Vector Against Audio Transformer Models
Nov 13th 2025
kexinoh
•
informative
Medium
Malicious model on Hugging Face → Arbitrary File Write (TarSlip) in NeMo (Parake...
Nov 10th 2025
taiphung217
•
self closed
Critical RCE: Explicit weights_only=False in Megatron GPT-2 Checkpoint Converter
Nov 6th 2025
daridor9
•
duplicate
Critical
RCE via insecure pickle deserialization
Oct 22nd 2025
sonw-vh
•
informative
Critical
Path Traversal Vulnerability in HuggingFace Transformers Model Conversion Script...
Nov 3rd 2025
yousefabdelmohymen
•
informative
Medium
Path Traversal Leading to Arbitrary File Read
Jan 5th 2026
joelindra
•
informative
High
Path Traversal in Checkpoint Resumption
Jan 6th 2026
joelindra
•
pending
Server-Side Request Forgery (SSRF)
Jan 6th 2026
joelindra
•
informative
Critical
Insecure Deserialization leading to Remote Code Execution (RCE)
Nov 6th 2025
joelindra
•
duplicate
Critical
Path Traversal leading to Arbitrary File Write/Read
Jan 5th 2026
joelindra
•
informative
Critical
Division by Zero (Leading to Denial of Service)
Nov 17th 2025
joelindra
•
informative
High
Unsafe tarfile extraction allows directory traversal and arbitrary file overwrit...
Jan 5th 2026
slezzz
•
informative
High
Unsafe eval() usage in configuration parsing allows code execution
Nov 6th 2025
slezzz
•
duplicate
High
Unsafe torch.load() Without weights_only Parameter
Nov 6th 2025
slezzz
•
duplicate
High
Unrestricted CORS Configuration
Nov 18th 2025
swilliams9772
•
informative
Medium
Path Traversal in Archive Extraction (Zip/TarSlip)
Jan 5th 2026
swilliams9772
•
informative
High
Code Injection via Unsafe YAML Deserialization
Nov 6th 2025
swilliams9772
•
duplicate
Critical
Command Injection in SageMaker Distributed Training Script
Nov 26th 2025
vutuanviet123
•
informative
Critical
Arbitrary Code Execution via eval() in SEW Model Conversion Scripts
Nov 6th 2025
vutuanviet123
•
duplicate
Critical
Path Traversal Vulnerability in Llama Model Conversion Script
Oct 16th 2025
vutuanviet123
•
informative
High
RCE in Hugging Face Transformers: Unsafe Deserialization in Dataset Loaders
Oct 9th 2025
grugrog
•
informative
Critical
TOCTOU Race Condition in Transformers Configuration Loading Compromises Training...
Oct 8th 2025
rudra2018
•
informative
Medium
CRITICAL Rce
Jan 7th 2026
shemshallah
•
not applicable
Critical RCE via trust_remote_code in Hugging Face Transformers Pipelines (Code...
Sep 24th 2025
rudra2018
•
duplicate
Critical
Unsafe use of torch.load() in HuggingFace Transformers leads to Arbitrary Code E...
Dec 8th 2025
ko7-dev
•
informative
Critical
ZDI-CAN-27984: Hugging Face Transformers megatron_gpt2 Deserialization of Untrus...
Dec 8th 2025
zdi-disclosures
•
informative
High
Regular expression Denial of Service - ReDoS
Aug 12th 2025
mhnrv
•
duplicate
Medium
ReDoS Vulnerability Reoccurred in tokenization_gptsan_japanese.py Due to Inadequ...
Sep 12th 2025
freedom-of-the-mind
•
informative
Medium
Server-Side Request Forgery (SSRF) via Transformers Pipelines
Oct 16th 2025
ohmymagic
•
informative
Medium
Remote Code Execution in transformers.AutoModel.from_pretrained via malicious mo...
Jul 17th 2025
echooriginai
•
duplicate
Critical
Regular expression Denial of Service - ReDoS in huggingface/transformers in hugg...
Jul 16th 2025
jiang-niao
•
duplicate
Medium
Regular expression Denial of Service - ReDoS
Sep 12th 2025
arjunshibu
•
informative
Medium
Infinite Loop DoS via Malicious Tokenizer In Transformers TextGenerationPipeline
Oct 27th 2025
ashmitsh4rma
•
informative
High
Remote Code Execution via trust_remote_code Parameter in Transformers Model Load...
Jul 6th 2025
kn0x0x
•
duplicate
Critical
Arbitrary Code Execution via `trust_remote_code=True` in Hugging Face Transforme...
Jul 6th 2025
balook
•
duplicate
Medium
Dependency chain attack through hijacking broken github repository at https://gi...
Oct 1st 2025
gopal-ethical
•
Low
•
$20
•
CVE-2025-11264
Remote Code Execution (RCE) via Deserialization in BloomTokenizerFast
Jul 1st 2025
mohammad-abd-el-fattah
•
informative
High
Secrets Exfiltration via vulnerable workflow
Jun 26th 2025
gauss-security
•
informative
Critical
Regular Expression Denial of Service (ReDoS) in AdamWeightDecay Optimizer
Sep 23rd 2025
joelindra
•
Medium
•
$125
•
CVE-2025-6921
Arbitrary Code Execution via YAML Deserialization and Gadget Chaining
Nov 13th 2025
joelindra
•
informative
High
Path Traversal in Tokenizer Conversion Script
Sep 16th 2025
joelindra
•
Low
•
$20
•
CVE-2025-11231
Regular expression Denial of Service - ReDoS
Sep 12th 2025
arjunshibu
•
Medium
•
$125
•
CVE-2025-6638
Remote Code Execution via Unsafe eval() in SEW/SEW-D Model Conversion Scripts
Jun 13th 2025
sahiloj
•
not applicable
Regular expression Denial of Service - ReDoS
Sep 14th 2025
arjunshibu
•
Medium
•
$125
•
CVE-2025-6051
Insecure Deserialization via Pickle Cache
May 26th 2025
taiphung217
•
informative
High
Regular expression Denial of Service - ReDoS
Aug 6th 2025
arjunshibu
•
Medium
•
$125
•
CVE-2025-5197
Remote Code Execution in Hugging Face Transformers via trust_remote_code=True Us...
Apr 15th 2025
michaelpierre
•
informative
High
Sandbox Escape in Python Code Interpreter Tool in transformers
Apr 17th 2025
jackfromeast
•
informative
High
Regular expression Denial of Service - ReDoS in huggingface/transformers
Jul 11th 2025
arjunshibu
•
Medium
•
$125
•
CVE-2025-3933
Code Injection via Unsafe Model Configuration in transformershubconf.py
Apr 11th 2025
54j4n
•
informative
Critical
Potential Arbitrary Code Execution Vulnerability in convert_mlcvnets_to_pytorch....
Apr 14th 2025
kexinoh
•
informative
High
ReDOS Vulnerability
Mar 19th 2025
aydinnyunus
•
duplicate
High
URL Parsing Issue
Jun 24th 2025
aydinnyunus
•
Low
•
$20
•
CVE-2025-3777
Regular expression Denial of Service - ReDoS
Jun 15th 2025
arjunshibu
•
Medium
•
$125
•
CVE-2025-3264
Regular expression Denial of Service - ReDoS
Jun 13th 2025
arjunshibu
•
Medium
•
$125
•
CVE-2025-3263
Regular expression Denial of Service - ReDoS
Jun 5th 2025
taiphung217
•
Medium
•
$125
•
CVE-2025-3262
Regular expression Denial of Service - ReDoS
May 19th 2025
taiphung217
•
Medium
•
$125
•
CVE-2025-2099
Regular expression Denial of Service - ReDoS
Apr 29th 2025
taiphung217
•
Medium
•
$125
•
CVE-2025-1194
Regular expression Denial of Service - ReDoS
Mar 10th 2025
taiphung217
•
Medium
•
$125
•
CVE-2024-12720
WaitCanDeadlock
Jan 6th 2025
amanhasan01
•
informative
Critical
Path Traversal
Mar 5th 2025
amanhasan01
•
spam
Remote Code Execution via Unsafe Torch Load in TransfoXLCorpus
Mar 3rd 2025
zpbrent
•
Low
•
$20
Malicious model deployed in HF repo to reversed RCE and worm infection by RealmR...
Nov 20th 2024
azraelxuemo
•
duplicate
High
ZDI-CAN-25424: Hugging Face Transformers Transformer-XL Model Deserialization of...
Dec 17th 2024
zdi-disclosures
•
informative
High
ZDI-CAN-25423: Hugging Face Transformers Perceiver Model Deserialization of Untr...
Oct 17th 2024
zdi-disclosures
•
duplicate
High
ZDI-CAN-25012: New Vulnerability Report
Oct 14th 2024
zdi-disclosures
•
informative
High
ZDI-CAN-25191: Hugging Face Transformers MaskFormer Model Deserialization of Unt...
Oct 14th 2024
zdi-disclosures
•
informative
High
Improper sanitization of Branch Name Leads to Arbitrary Code Injection
Oct 14th 2024
arunstar
•
informative
High
ZDI-CAN-24322: Hugging Face Transformers MobileViTV2 Deserialization of Untruste...
Oct 14th 2024
zdi-disclosures
•
informative
High
RCE when loading HuggingFace Hub tool from a collection using the ToolCollection
Sep 5th 2024
wangxuefei0912
•
duplicate
High
Access tokens exposure in git repo
Aug 9th 2024
giantathos
•
informative
None
Remote Code Execution through Deserialization of Untrusted data in convert_maskfo...
Aug 19th 2024
piyush-bhor
•
informative
High
Code execution with CodeAgent
Aug 13th 2024
0gur1
•
informative
High
Insecure Temporary File
May 13th 2024
h2oa
•
informative
Medium
OS command injection
Apr 8th 2024
tuna18dv
•
informative
Critical
RCE when loading HuggingFace Hub 'tools' in 'src/transformers/tools/base.py' ->...
Apr 30th 2024
retr0reg
•
Medium
•
$125
test
Mar 9th 2024
lengochoa7112000
•
self closed
Transformers has a Deserialization of Untrusted Data vulnerability
Mar 27th 2024
retr0reg
•
Low
•
$20
•
CVE-2024-3568
ReDos in tokenization_gptsan_japanese.py#L466
Jan 26th 2024
lujiefsi
•
spam
Malicious model deployed in HF repo to reversed RCE and worm infection by RagRet...
Dec 12th 2023
zpbrent
•
Critical
•
$1500
•
CVE-2023-6730
An unverified deserialized data stream of function trust was found in transform...
Nov 22nd 2023
carnival-z
•
informative
Critical
Time of check time of use (toctou) Race Condition
Nov 22nd 2023
hiu240900
•
not applicable
Arbitrary Code Execution via YAML Deserialisation
Nov 22nd 2023
b3ef
•
informative
Medium
Remote Code Execution (RCE)
Oct 5th 2023
ready-research
•
self closed
Stored XSS reflected on model endpoint
Oct 31st 2023
immortalengine1
•
informative
Critical
Re: “Per-reference”: Enter: Brute-Level Bot
Oct 19th 2023
xavier6
•
spam
Malicious model to RCE by vocab file load in TransfoXLTokenizer (as well as the...
Dec 20th 2023
zpbrent
•
Critical
•
$1500
•
CVE-2023-7018
Deserialisation of Untrusted data Leading to Arbitrary Code Execution
Aug 22nd 2023
b3ef
•
not applicable
Unsafe `yaml.load` is used in `convert_mlcvnets_to_pytorch` and `convert_marian_...
Oct 14th 2024
lyutoon
•
informative
High
Unsafe deserialize
Apr 12th 2024
nhienit2010
•
self closed
RATE CONDITION LEAD TO DOS
Apr 16th 2023
novemberdad
•
not applicable
CORS - In Comments reaction..
Apr 3rd 2023
panveanyy
•
spam
CVE-2021-30473 - Detected
Mar 8th 2023
saintsconnor
•
informative
Critical
Buffer Overflow - aom/libaom0@1.0.0.errata1-3
Mar 8th 2023
saintsconnor
•
informative
Critical
Vulnerable to path traversal
Mar 8th 2023
0xparth
•
informative
Critical
Amazon AWS S3 Bucket Misconfigurations (Upload, Download, List out any file to S3...
Feb 23rd 2024
harshbanshpal
•
informative
Critical
EXIF Geolocation Data Not Stripped From Uploaded Profile Images in https://huggi...
Feb 23rd 2024
harshbanshpal
•
informative
Medium
Inefficient Regular Expression Complexity(ReDoS)
Mar 8th 2023
ready-research
•
informative
High
Insecure Temporary File
May 18th 2023
ready-research
•
Medium
•
$980
•
CVE-2023-2800
Command Injection in utils/check_self_hosted_runner.py
Mar 8th 2023
danmcinerney
•
informative
Low
Lack of Character Limit in Full Name Sections Leads to Denial of Service in
Jan 23rd 2023
7h3h4ckv157
•
not applicable
Inefficient Regular Expression Complexity
Mar 8th 2023
dwisiswant0
•
informative
Medium
CRITICAL: $1500
HIGH: $750
MEDIUM: $125
LOW: $20