Known Vulnerabilities for products from Huggingface
Listed below are 5 of the newest known vulnerabilities associated with the vendor "Huggingface".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-31239 json | Not Provided | 2026-05-12 | 2026-05-12 | |
| CVE-2026-25874 json | LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() i... | Not Provided | 2026-04-23 | 2026-04-28 |
| CVE-2026-7669 json | Not Provided | 2026-05-02 | 2026-05-05 | |
| CVE-2026-6859 json | Not Provided | 2026-04-22 | 2026-05-04 | |
| CVE-2026-4963 json | A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluate_augassign/evaluate_c... | Not Provided | 2026-03-27 | 2026-04-30 |
| CVE-2026-2654 json | A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.get/requests.post of the c... | Not Provided | 2026-02-18 | 2026-04-29 |
| CVE-2026-1839 json | A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execu... | Not Provided | 2026-04-07 | 2026-04-28 |
| CVE-2023-2800 json | Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0. | 4.7 - MEDIUM | 2023-05-18 | 2023-05-26 |