Vulnerabilities > Huggingface > Transformers > 4.28.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-19 | CVE-2025-2099 | Unspecified vulnerability in Huggingface Transformers A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. | 7.5 |
| 2025-05-19 | CVE-2025-4929 | Injection vulnerability in Huggingface Transformers A vulnerability was found in Campcodes Online Shopping Portal 1.0. | 9.8 |
| 2024-11-22 | CVE-2024-11392 | Deserialization of Untrusted Data vulnerability in Huggingface Transformers Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. | 8.8 |
| 2024-11-22 | CVE-2024-11393 | Deserialization of Untrusted Data vulnerability in Huggingface Transformers Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. | 8.8 |
| 2024-11-22 | CVE-2024-11394 | Deserialization of Untrusted Data vulnerability in Huggingface Transformers Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. | 8.8 |
| 2023-12-20 | CVE-2023-7018 | Unspecified vulnerability in Huggingface Transformers Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. | 7.8 |
| 2023-12-19 | CVE-2023-6730 | Unspecified vulnerability in Huggingface Transformers Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. | 8.8 |
| 2023-05-18 | CVE-2023-2800 | Unspecified vulnerability in Huggingface Transformers Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0. | 4.7 |