Vulnerabilidades en huggingface
28 resultadosCVE-2026-0599HIGHUnbounded External Image Fetch in Validation Leads to Resource-Exhaustion DoS in huggingface/text-generation-inferenceEPSS 23.7%CVE-2025-5120HIGHSandbox Escape Vulnerability in huggingface/smolagentsEPSS 17.7%CVE-2024-3568LOWArbitrary Code Execution via Deserialization in huggingface/transformersEPSS 2.1%CVE-2023-6730CRITICALDeserialization of Untrusted Data in huggingface/transformersEPSS 0.9%CVE-2023-7018CRITICALDeserialization of Untrusted Data in huggingface/transformersEPSS 0.7%CVE-2024-12720MEDIUMRegular Expression Denial of Service (ReDoS) in huggingface/transformersEPSS 0.7%CVE-2026-44513HIGHDiffusers: `trust_remote_code` bypass via `custom_pipeline` and local custom componentsEPSS 0.7%CVE-2026-4963MEDIUMhuggingface smolagents Incomplete Fix CVE-2025-9959 local_python_executor.py evaluate_with code injectionEPSS 0.6%CVE-2026-44827HIGHDiffusers: None.py Trust Remote Code BypassEPSS 0.6%CVE-2025-2099MEDIUMRegular Expression Denial of Service (ReDoS) in huggingface/transformersEPSS 0.5%CVE-2025-6638MEDIUMRegular Expression Denial of Service (ReDoS) in huggingface/transformersEPSS 0.5%CVE-2026-4372HIGHArbitrary Remote Code Execution via `_attn_implementation_internal` Config Injection in huggingface/transformersEPSS 0.5%CVE-2025-6921MEDIUMRegular Expression Denial of Service (ReDoS) in huggingface/transformersEPSS 0.5%CVE-2025-3933MEDIUMRegular Expression Denial of Service (ReDoS) in huggingface/transformersEPSS 0.4%CVE-2025-3263MEDIUMRegular Expression Denial of Service (ReDoS) in huggingface/transformersEPSS 0.4%CVE-2025-3264MEDIUMRegular Expression Denial of Service (ReDoS) in huggingface/transformersEPSS 0.4%CVE-2026-5241HIGHPolicy Bypass in LightGlue Nested Config Resolution in huggingface/transformersEPSS 0.4%CVE-2025-3262MEDIUMRegular Expression Denial of Service (ReDoS) in huggingface/transformersEPSS 0.4%CVE-2025-1194MEDIUMRegular Expression Denial of Service (ReDoS) in huggingface/transformersEPSS 0.4%CVE-2026-2654MEDIUMhuggingface smolagents LocalPythonExecutor requests.post server-side request forgeryEPSS 0.4%