Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

huggingface — Vulnerabilities & Security Advisories 24

Browse all 24 CVE security advisories affecting huggingface. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Hugging Face operates as a collaborative platform for machine learning, primarily hosting models, datasets, and applications to facilitate open-source AI development. While its core infrastructure relies on standard web technologies, security audits have identified twenty-four recorded Common Vulnerabilities and Exposures (CVEs). Historically, these issues predominantly involve cross-site scripting (XSS) and server-side request forgery (SSRF), stemming from complex input handling within its Python-based backend and JavaScript frontend components. Although critical remote code execution (RCE) vulnerabilities have been rare, the platform’s role as a central hub for model distribution amplifies the impact of any compromise. Notable incidents have largely focused on data exposure risks rather than direct system takeovers, highlighting the inherent challenges in securing large-scale, community-driven repositories. Continuous patching and strict access controls remain essential to mitigate these evolving threats within its extensive ecosystem.

Found 17 results / 24Clear Filters
Top products by huggingface: huggingface/transformers huggingface/text-generation-inference huggingface/smolagents smolagents LeRobot
CVE IDTitleCVSSSeverityPublished
CVE-2026-1839 Arbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading in huggingface/transformers — huggingface/transformersCWE-502 9.8AICriticalAI2026-04-07
CVE-2025-6921 Regular Expression Denial of Service (ReDoS) in huggingface/transformers — huggingface/transformersCWE-400 7.5 -2025-09-23
CVE-2025-6051 Regular Expression Denial of Service (ReDoS) in huggingface/transformers — huggingface/transformersCWE-1333 7.5 -2025-09-14
CVE-2025-6638 Regular Expression Denial of Service (ReDoS) in huggingface/transformers — huggingface/transformersCWE-1333 7.5 -2025-09-12
CVE-2025-5197 Regular Expression Denial of Service (ReDoS) in huggingface/transformers — huggingface/transformersCWE-1333 7.5 -2025-08-06
CVE-2025-3933 Regular Expression Denial of Service (ReDoS) in huggingface/transformers — huggingface/transformersCWE-1333 7.5AIHighAI2025-07-11
CVE-2025-3777 Improper Input Validation in huggingface/transformers — huggingface/transformersCWE-20 9.1 -2025-07-07
CVE-2025-3264 Regular Expression Denial of Service (ReDoS) in huggingface/transformers — huggingface/transformersCWE-1333 7.5 -2025-07-07
CVE-2025-3263 Regular Expression Denial of Service (ReDoS) in huggingface/transformers — huggingface/transformersCWE-1333 7.5 -2025-07-07
CVE-2025-3262 Regular Expression Denial of Service (ReDoS) in huggingface/transformers — huggingface/transformersCWE-1333 7.5 -2025-07-07
CVE-2025-2099 Regular Expression Denial of Service (ReDoS) in huggingface/transformers — huggingface/transformersCWE-1333 7.5 -2025-05-19
CVE-2025-1194 Regular Expression Denial of Service (ReDoS) in huggingface/transformers — huggingface/transformersCWE-1333 7.5AIHighAI2025-04-29
CVE-2024-12720 Regular Expression Denial of Service (ReDoS) in huggingface/transformers — huggingface/transformersCWE-1333 7.5 -2025-03-20
CVE-2024-3568 Arbitrary Code Execution via Deserialization in huggingface/transformers — huggingface/transformersCWE-502 8.8AIHighAI2024-04-10
CVE-2023-7018 Deserialization of Untrusted Data in huggingface/transformers — huggingface/transformersCWE-502 9.8 -2023-12-20
CVE-2023-6730 Deserialization of Untrusted Data in huggingface/transformers — huggingface/transformersCWE-502 9.8 -2023-12-19
CVE-2023-2800 Insecure Temporary File in huggingface/transformers — huggingface/transformersCWE-377--2023-05-18

This page lists every published CVE security advisory associated with huggingface. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.