Browse all 15 CVE security advisories affecting Hugging Face. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Hugging Face develops open-source machine learning platforms and models, hosting thousands of AI artifacts for researchers and developers. Historically, common vulnerabilities include remote code execution (RCE) in model repositories, cross-site scripting (XSS) in web interfaces, and privilege escalation flaws in API access controls. Notable security characteristics include a bug bounty program and public vulnerability disclosure process. While no major public incidents have been widely reported, the platform's 15 CVEs highlight risks associated with third-party dependencies and containerized model deployments, requiring careful input validation and access management to prevent exploitation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-14922 | Hugging Face Diffusers CogView4 Deserialization of Untrusted Data Remote Code Execution Vulnerability — DiffusersCWE-502 | 7.8AI | HighAI | 2025-12-23 |
This page lists every published CVE security advisory associated with Hugging Face. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.