Huggingface Security Vulnerabilities (CVEs)
Track 12 security vulnerabilities affecting Huggingface products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in huggingface smolagents 1.24.0. Attackers can exploit the LocalPythonExecutor ...
Feb 18, 2026

Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the search_item_ctrl_f function that allows attackers to inject ma...
Oct 22, 2025

This CVE describes a Regular Expression Denial of Service (ReDoS) vulnerability in the huggingface/transformers library's AdamWeightDecay optimizer. A...
Sep 23, 2025

A Regular Expression Denial of Service (ReDoS) vulnerability in Hugging Face Transformers allows attackers to cause excessive CPU consumption by provi...
Aug 6, 2025

This CVE describes a critical sandbox escape vulnerability in huggingface/smolagents version 1.14.0 that allows attackers to bypass execution restrict...
Jul 27, 2025

A Regular Expression Denial of Service (ReDoS) vulnerability in huggingface/transformers allows attackers to degrade application performance or cause ...
Jul 7, 2025

A Regular Expression Denial of Service (ReDoS) vulnerability in Hugging Face Transformers library allows attackers to cause excessive CPU consumption ...
Jul 7, 2025

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the huggingface/transformers library's tokenization_nougat_fast.py file. The po...
Mar 20, 2025

This vulnerability allows remote attackers to execute arbitrary code by tricking users into loading malicious model files in Hugging Face Transformers...
Nov 22, 2024

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of Hugging Face Transformers with MobileVi...
Nov 22, 2024

The huggingface/transformers library contains a critical vulnerability allowing arbitrary code execution through malicious serialized checkpoints. Att...
Apr 10, 2024

This vulnerability in the Hugging Face Transformers library allows remote code execution through unsafe deserialization of untrusted data. Attackers c...
Dec 19, 2023

Why Monitor Huggingface Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 12+ known vulnerabilities affecting Huggingface products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Huggingface packages in under 60 seconds. No agents required - completely agentless scanning that works across Huggingface deployments.
Free vulnerability database: Access detailed information about every Huggingface CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Huggingface CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions