transformers-4.38.1-py3-none-any.whl: 14 vulnerabilities (highest severity is: 8.8) #52
Description
Vulnerable Library - transformers-4.38.1-py3-none-any.whl
State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow
Library home page: https://files.pythonhosted.org/packages/3e/6b/1b589f7b69aaea8193cf5bc91cf97410284aecd97b6312cdb08baedbdffe/transformers-4.38.1-py3-none-any.whl
Path to dependency file: /models/selfies_ted/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20250918082811_EVRJPN/python_EMJYWP/20250918082812/transformers-4.38.1-py3-none-any.whl
Found in HEAD commit: de615824db77a7030c9d4126994d28cbe005791b
Vulnerabilities
| Vulnerability | Severity |  CVSS |
Dependency | Type | Fixed in (transformers version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2024-11394 |  High |
8.8 | transformers-4.38.1-py3-none-any.whl | Direct | transformers - 4.48.0 | ✅ |
| CVE-2024-11393 | High |
8.8 | transformers-4.38.1-py3-none-any.whl | Direct | transformers - 4.48.0 | ✅ |
| CVE-2024-11392 | High |
8.8 | transformers-4.38.1-py3-none-any.whl | Direct | transformers - 4.48.0 | ✅ |
| CVE-2025-3262 | High |
7.5 | transformers-4.38.1-py3-none-any.whl | Direct | https://github.com/huggingface/transformers.git - v4.51.0 | ✅ |
| CVE-2025-2099 | High |
7.5 | transformers-4.38.1-py3-none-any.whl | Direct | transformers - 4.50.0 | ✅ |
| CVE-2025-6638 |  Medium |
5.3 | transformers-4.38.1-py3-none-any.whl | Direct | transformers - 4.53.0 | ✅ |
| CVE-2025-6051 | Medium |
5.3 | transformers-4.38.1-py3-none-any.whl | Direct | transformers - 4.53.0 | ✅ |
| CVE-2025-5197 | Medium |
5.3 | transformers-4.38.1-py3-none-any.whl | Direct | transformers - 4.53.0 | ✅ |
| CVE-2025-3933 | Medium |
5.3 | transformers-4.38.1-py3-none-any.whl | Direct | https://github.com/huggingface/transformers.git - v4.52.1 | ✅ |
| CVE-2025-3264 | Medium |
5.3 | transformers-4.38.1-py3-none-any.whl | Direct | transformers - 4.51.0 | ✅ |
| CVE-2025-3263 | Medium |
5.3 | transformers-4.38.1-py3-none-any.whl | Direct | transformers - 4.51.0 | ✅ |
| CVE-2024-12720 | Medium |
5.3 | transformers-4.38.1-py3-none-any.whl | Direct | transformers - 4.48.0 | ✅ |
| CVE-2025-1194 | Medium |
4.3 | transformers-4.38.1-py3-none-any.whl | Direct | https://github.com/huggingface/transformers.git - v4.50.0 | ✅ |
| CVE-2025-3777 |  Low |
3.5 | transformers-4.38.1-py3-none-any.whl | Direct | transformers - 4.52.1 | ✅ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2024-11394
Vulnerable Library - transformers-4.38.1-py3-none-any.whl
State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow
Library home page: https://files.pythonhosted.org/packages/3e/6b/1b589f7b69aaea8193cf5bc91cf97410284aecd97b6312cdb08baedbdffe/transformers-4.38.1-py3-none-any.whl
Path to dependency file: /models/selfies_ted/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20250918082811_EVRJPN/python_EMJYWP/20250918082812/transformers-4.38.1-py3-none-any.whl
Dependency Hierarchy:
- ❌ transformers-4.38.1-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: de615824db77a7030c9d4126994d28cbe005791b
Found in base branch: main
Vulnerability Details
Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25012.
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: 2024-11-22
URL: CVE-2024-11394
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2024-11394
Release Date: 2024-11-22
Fix Resolution: transformers - 4.48.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2024-11393
Vulnerable Library - transformers-4.38.1-py3-none-any.whl
State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow
Library home page: https://files.pythonhosted.org/packages/3e/6b/1b589f7b69aaea8193cf5bc91cf97410284aecd97b6312cdb08baedbdffe/transformers-4.38.1-py3-none-any.whl
Path to dependency file: /models/selfies_ted/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20250918082811_EVRJPN/python_EMJYWP/20250918082812/transformers-4.38.1-py3-none-any.whl
Dependency Hierarchy:
- ❌ transformers-4.38.1-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: de615824db77a7030c9d4126994d28cbe005791b
Found in base branch: main
Vulnerability Details
Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25191.
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: 2024-11-22
URL: CVE-2024-11393
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2024-11393
Release Date: 2024-11-22
Fix Resolution: transformers - 4.48.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2024-11392
Vulnerable Library - transformers-4.38.1-py3-none-any.whl
State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow
Library home page: https://files.pythonhosted.org/packages/3e/6b/1b589f7b69aaea8193cf5bc91cf97410284aecd97b6312cdb08baedbdffe/transformers-4.38.1-py3-none-any.whl
Path to dependency file: /models/selfies_ted/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20250918082811_EVRJPN/python_EMJYWP/20250918082812/transformers-4.38.1-py3-none-any.whl
Dependency Hierarchy:
- ❌ transformers-4.38.1-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: de615824db77a7030c9d4126994d28cbe005791b
Found in base branch: main
Vulnerability Details
Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of configuration files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-24322.
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: 2024-11-22
URL: CVE-2024-11392
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2024-11392
Release Date: 2024-11-22
Fix Resolution: transformers - 4.48.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2025-3262
Vulnerable Library - transformers-4.38.1-py3-none-any.whl
State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow
Library home page: https://files.pythonhosted.org/packages/3e/6b/1b589f7b69aaea8193cf5bc91cf97410284aecd97b6312cdb08baedbdffe/transformers-4.38.1-py3-none-any.whl
Path to dependency file: /models/selfies_ted/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20250918082811_EVRJPN/python_EMJYWP/20250918082812/transformers-4.38.1-py3-none-any.whl
Dependency Hierarchy:
- ❌ transformers-4.38.1-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: de615824db77a7030c9d4126994d28cbe005791b
Found in base branch: main
Vulnerability Details
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the "SETTING_RE" variable within the "transformers/commands/chat.py" file. The regex contains repetition groups and non-optimized quantifiers, leading to exponential backtracking when processing 'almost matching' payloads. This can degrade application performance and potentially result in a denial-of-service (DoS) when handling specially crafted input strings. The issue is fixed in version 4.51.0.
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: 2025-07-07
URL: CVE-2025-3262
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: huggingface/transformers#36964
Release Date: 2025-07-07
Fix Resolution: https://github.com/huggingface/transformers.git - v4.51.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2025-2099
Vulnerable Library - transformers-4.38.1-py3-none-any.whl
State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow
Library home page: https://files.pythonhosted.org/packages/3e/6b/1b589f7b69aaea8193cf5bc91cf97410284aecd97b6312cdb08baedbdffe/transformers-4.38.1-py3-none-any.whl
Path to dependency file: /models/selfies_ted/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20250918082811_EVRJPN/python_EMJYWP/20250918082812/transformers-4.38.1-py3-none-any.whl
Dependency Hierarchy:
- ❌ transformers-4.38.1-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: de615824db77a7030c9d4126994d28cbe005791b
Found in base branch: main
Vulnerability Details
A vulnerability in the "preprocess_string()" function of the "transformers.testing_utils" module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large number of newline characters. An attacker can exploit this by providing a specially crafted payload, causing high CPU usage and potential application downtime, effectively resulting in a Denial of Service (DoS) scenario.
Publish Date: 2025-05-19
URL: CVE-2025-2099
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: GHSA-qq3j-4f4f-9583
Release Date: 2025-05-19
Fix Resolution: transformers - 4.50.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2025-6638
Vulnerable Library - transformers-4.38.1-py3-none-any.whl
State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow
Library home page: https://files.pythonhosted.org/packages/3e/6b/1b589f7b69aaea8193cf5bc91cf97410284aecd97b6312cdb08baedbdffe/transformers-4.38.1-py3-none-any.whl
Path to dependency file: /models/selfies_ted/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20250918082811_EVRJPN/python_EMJYWP/20250918082812/transformers-4.38.1-py3-none-any.whl
Dependency Hierarchy:
- ❌ transformers-4.38.1-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: de615824db77a7030c9d4126994d28cbe005791b
Found in base branch: main
Vulnerability Details
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's "remove_language_code()" method. This vulnerability is present in version 4.52.4 and has been fixed in version 4.53.0. The issue arises from inefficient regex processing, which can be exploited by crafted input strings containing malformed language code patterns, leading to excessive CPU consumption and potential denial of service.
Publish Date: 2025-09-12
URL: CVE-2025-6638
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: https://huntr.com/bounties/6a6c933f-9ce8-4ded-8b3b-2c1444c61f36
Release Date: 2025-09-12
Fix Resolution: transformers - 4.53.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2025-6051
Vulnerable Library - transformers-4.38.1-py3-none-any.whl
State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow
Library home page: https://files.pythonhosted.org/packages/3e/6b/1b589f7b69aaea8193cf5bc91cf97410284aecd97b6312cdb08baedbdffe/transformers-4.38.1-py3-none-any.whl
Path to dependency file: /models/selfies_ted/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20250918082811_EVRJPN/python_EMJYWP/20250918082812/transformers-4.38.1-py3-none-any.whl
Dependency Hierarchy:
- ❌ transformers-4.38.1-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: de615824db77a7030c9d4126994d28cbe005791b
Found in base branch: main
Vulnerability Details
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the "normalize_numbers()" method of the "EnglishNormalizer" class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises from the method's handling of numeric strings, which can be exploited using crafted input strings containing long sequences of digits, leading to excessive CPU consumption. This vulnerability impacts text-to-speech and number normalization tasks, potentially causing service disruption, resource exhaustion, and API vulnerabilities.
Publish Date: 2025-09-14
URL: CVE-2025-6051
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: huggingface/transformers@ba8eaba
Release Date: 2025-09-14
Fix Resolution: transformers - 4.53.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2025-5197
Vulnerable Library - transformers-4.38.1-py3-none-any.whl
State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow
Library home page: https://files.pythonhosted.org/packages/3e/6b/1b589f7b69aaea8193cf5bc91cf97410284aecd97b6312cdb08baedbdffe/transformers-4.38.1-py3-none-any.whl
Path to dependency file: /models/selfies_ted/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20250918082811_EVRJPN/python_EMJYWP/20250918082812/transformers-4.38.1-py3-none-any.whl
Dependency Hierarchy:
- ❌ transformers-4.38.1-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: de615824db77a7030c9d4126994d28cbe005791b
Found in base branch: main
Vulnerability Details
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the "convert_tf_weight_name_to_pt_weight_name()" function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern "/[^/]___([^/])/" that can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. The vulnerability affects versions up to 4.51.3 and is fixed in version 4.53.0. This issue can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting model conversion processes between TensorFlow and PyTorch formats.
Publish Date: 2025-08-06
URL: CVE-2025-5197
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: GHSA-9356-575x-2w9m
Release Date: 2025-08-06
Fix Resolution: transformers - 4.53.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2025-3933
Vulnerable Library - transformers-4.38.1-py3-none-any.whl
State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow
Library home page: https://files.pythonhosted.org/packages/3e/6b/1b589f7b69aaea8193cf5bc91cf97410284aecd97b6312cdb08baedbdffe/transformers-4.38.1-py3-none-any.whl
Path to dependency file: /models/selfies_ted/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20250918082811_EVRJPN/python_EMJYWP/20250918082812/transformers-4.38.1-py3-none-any.whl
Dependency Hierarchy:
- ❌ transformers-4.38.1-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: de615824db77a7030c9d4126994d28cbe005791b
Found in base branch: main
Vulnerability Details
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's "token2json()" method. This vulnerability affects versions 4.50.3 and earlier, and is fixed in version 4.52.1. The issue arises from the regex pattern "<s_(.*?)>" which can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. This vulnerability can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting document processing tasks using the Donut model.
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: 2025-07-11
URL: CVE-2025-3933
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: huggingface/transformers@ebbe9b1
Release Date: 2025-07-11
Fix Resolution: https://github.com/huggingface/transformers.git - v4.52.1
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2025-3264
Vulnerable Library - transformers-4.38.1-py3-none-any.whl
State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow
Library home page: https://files.pythonhosted.org/packages/3e/6b/1b589f7b69aaea8193cf5bc91cf97410284aecd97b6312cdb08baedbdffe/transformers-4.38.1-py3-none-any.whl
Path to dependency file: /models/selfies_ted/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20250918082811_EVRJPN/python_EMJYWP/20250918082812/transformers-4.38.1-py3-none-any.whl
Dependency Hierarchy:
- ❌ transformers-4.38.1-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: de615824db77a7030c9d4126994d28cbe005791b
Found in base branch: main
Vulnerability Details
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the "get_imports()" function within "dynamic_module_utils.py". This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular expression pattern "\stry\s:.?except.?:" used to filter out try/except blocks from Python code, which can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. This vulnerability can lead to remote code loading disruption, resource exhaustion in model serving, supply chain attack vectors, and development pipeline disruption.
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: 2025-07-07
URL: CVE-2025-3264
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: huggingface/transformers@0720e20
Release Date: 2025-07-07
Fix Resolution: transformers - 4.51.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2025-3263
Vulnerable Library - transformers-4.38.1-py3-none-any.whl
State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow
Library home page: https://files.pythonhosted.org/packages/3e/6b/1b589f7b69aaea8193cf5bc91cf97410284aecd97b6312cdb08baedbdffe/transformers-4.38.1-py3-none-any.whl
Path to dependency file: /models/selfies_ted/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20250918082811_EVRJPN/python_EMJYWP/20250918082812/transformers-4.38.1-py3-none-any.whl
Dependency Hierarchy:
- ❌ transformers-4.38.1-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: de615824db77a7030c9d4126994d28cbe005791b
Found in base branch: main
Vulnerability Details
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the "get_configuration_file()" function within the "transformers.configuration_utils" module. The affected version is 4.49.0, and the issue is resolved in version 4.51.0. The vulnerability arises from the use of a regular expression pattern "config.(.*).json" that can be exploited to cause excessive CPU consumption through crafted input strings, leading to catastrophic backtracking. This can result in model serving disruption, resource exhaustion, and increased latency in applications using the library.
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: 2025-07-07
URL: CVE-2025-3263
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: huggingface/transformers@0720e20
Release Date: 2025-07-07
Fix Resolution: transformers - 4.51.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2024-12720
Vulnerable Library - transformers-4.38.1-py3-none-any.whl
State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow
Library home page: https://files.pythonhosted.org/packages/3e/6b/1b589f7b69aaea8193cf5bc91cf97410284aecd97b6312cdb08baedbdffe/transformers-4.38.1-py3-none-any.whl
Path to dependency file: /models/selfies_ted/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20250918082811_EVRJPN/python_EMJYWP/20250918082812/transformers-4.38.1-py3-none-any.whl
Dependency Hierarchy:
- ❌ transformers-4.38.1-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: de615824db77a7030c9d4126994d28cbe005791b
Found in base branch: main
Vulnerability Details
A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single() function, where a regular expression processes specially crafted input. The issue stems from the regex exhibiting exponential time complexity under certain conditions, leading to excessive backtracking. This can result in significantly high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.46.3 (latest).
Publish Date: 2025-03-20
URL: CVE-2024-12720
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2024-12720
Release Date: 2025-03-20
Fix Resolution: transformers - 4.48.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2025-1194
Vulnerable Library - transformers-4.38.1-py3-none-any.whl
State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow
Library home page: https://files.pythonhosted.org/packages/3e/6b/1b589f7b69aaea8193cf5bc91cf97410284aecd97b6312cdb08baedbdffe/transformers-4.38.1-py3-none-any.whl
Path to dependency file: /models/selfies_ted/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20250918082811_EVRJPN/python_EMJYWP/20250918082812/transformers-4.38.1-py3-none-any.whl
Dependency Hierarchy:
- ❌ transformers-4.38.1-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: de615824db77a7030c9d4126994d28cbe005791b
Found in base branch: main
Vulnerability Details
A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file "tokenization_gpt_neox_japanese.py" of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions process specially crafted inputs. The issue stems from a regex exhibiting exponential complexity under certain conditions, leading to excessive backtracking. This can result in high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.48.1 (latest).
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: 2025-04-29
URL: CVE-2025-1194
CVSS 3 Score Details (4.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: huggingface/transformers@92c5ca9
Release Date: 2025-04-29
Fix Resolution: https://github.com/huggingface/transformers.git - v4.50.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2025-3777
Vulnerable Library - transformers-4.38.1-py3-none-any.whl
State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow
Library home page: https://files.pythonhosted.org/packages/3e/6b/1b589f7b69aaea8193cf5bc91cf97410284aecd97b6312cdb08baedbdffe/transformers-4.38.1-py3-none-any.whl
Path to dependency file: /models/selfies_ted/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20250918082811_EVRJPN/python_EMJYWP/20250918082812/transformers-4.38.1-py3-none-any.whl
Dependency Hierarchy:
- ❌ transformers-4.38.1-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: de615824db77a7030c9d4126994d28cbe005791b
Found in base branch: main
Vulnerability Details
Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the "image_utils.py" file. The vulnerability arises from insecure URL validation using the "startswith()" method, which can be bypassed through URL username injection. This allows attackers to craft URLs that appear to be from YouTube but resolve to malicious domains, potentially leading to phishing attacks, malware distribution, or data exfiltration. The issue is fixed in version 4.52.1.
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: 2025-07-07
URL: CVE-2025-3777
CVSS 3 Score Details (3.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: huggingface/transformers@4dda5f7
Release Date: 2025-07-07
Fix Resolution: transformers - 4.52.1
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.