Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Hugging Face — Vulnerabilities & Security Advisories 15

Browse all 15 CVE security advisories affecting Hugging Face. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Hugging Face develops open-source machine learning platforms and models, hosting thousands of AI artifacts for researchers and developers. Historically, common vulnerabilities include remote code execution (RCE) in model repositories, cross-site scripting (XSS) in web interfaces, and privilege escalation flaws in API access controls. Notable security characteristics include a bug bounty program and public vulnerability disclosure process. While no major public incidents have been widely reported, the platform's 15 CVEs highlight risks associated with third-party dependencies and containerized model deployments, requiring careful input validation and access management to prevent exploitation.

Top products by Hugging Face: Transformers Diffusers smolagents Accelerate LeRobot
CVE IDTitleCVSSSeverityPublished
CVE-2026-25874 LeRobot Unsafe Deserialization Remote Code Execution via gRPC — LeRobotCWE-502 9.8AICriticalAI2026-04-23
CVE-2025-14925 Hugging Face Accelerate Deserialization of Untrusted Data Remote Code Execution Vulnerability — AccelerateCWE-502 7.8AIHighAI2025-12-23
CVE-2025-14922 Hugging Face Diffusers CogView4 Deserialization of Untrusted Data Remote Code Execution Vulnerability — DiffusersCWE-502 7.8AIHighAI2025-12-23
CVE-2025-14931 Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability — smolagentsCWE-502 9.8AICriticalAI2025-12-23
CVE-2025-14930 Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability — TransformersCWE-502 7.8AIHighAI2025-12-23
CVE-2025-14928 Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability — TransformersCWE-94 8.8AIHighAI2025-12-23
CVE-2025-14924 Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability — TransformersCWE-502 7.8AIHighAI2025-12-23
CVE-2025-14920 Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability — TransformersCWE-502 7.8AIHighAI2025-12-23
CVE-2025-14926 Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability — TransformersCWE-94 8.8AIHighAI2025-12-23
CVE-2025-14927 Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability — TransformersCWE-94 8.8AIHighAI2025-12-23
CVE-2025-14921 Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability — TransformersCWE-502 7.8AIHighAI2025-12-23
CVE-2025-14929 Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability — TransformersCWE-502 8.8AIHighAI2025-12-23
CVE-2024-11394 Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability — TransformersCWE-502 7.8 -2024-11-22
CVE-2024-11393 Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability — TransformersCWE-502 7.8 -2024-11-22
CVE-2024-11392 Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability — TransformersCWE-502 7.8 -2024-11-22

This page lists every published CVE security advisory associated with Hugging Face. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.