← signals
2026-07-15·HUGGINGFACE·security risk
meddown

On July 7, 2026, the Open Source Vulnerabilities (OSV) database published twelve (12) new advisories affecting Hugging...

On July 7, 2026, the Open Source Vulnerabilities (OSV) database published twelve (12) new advisories affecting Hugging Face's transformers library.

window 15devidence 88confidence score 100

confidence score

Strong evidence: 3 independent source classes support this read.

100
medium confidence3 independent source classesotherpasses publish gate

signal brief

On July 7, 2026, the Open Source Vulnerabilities (OSV) database published twelve (12) new advisories affecting Hugging Face's transformers library. The majority are Regular Expression Denial of Service (ReDoS) vulnerabilities in components such as DonutProcessor, SETTING_RE, AdamWeightDecay optimizer, MarianTokenizer, get_imports(), get_configuration_file, and others (CVE-2025-3933, CVE-2025-3262, CVE-2025-6921, CVE-2025-6638, CVE-2025-5197, CVE-2025-1194, CVE-2025-3264, CVE-2025-3777, CVE-2025-3263, CVE-2025-6051, CVE-2024-3568, CVE-2024-12720). Additionally, one advisory describes a username injection vulnerability (CVE-2025-3777) and another a deserialization of untrusted data issue (CVE-2024-3568). The sheer volume of newly published CVEs in a single day indicates a coordinated disclosure or audit. While the transformers library released version 5.13.1 on July 11 (PyPI release), the release notes do not explicitly confirm inclusion of patches for all these vulnerabilities. This concentrated security disclosure poses reputational risk and may erode developer trust, especially in enterprise environments that depend on Hugging Face's ecosystem for production AI workflows. Affected users are advised to audit their usage and apply patches as soon as they become available.

What the sources said:

  • From PYSEC-2026-1977: "Transformers is vulnerable to ReDoS attack through its DonutProcessor class."
  • From PYSEC-2026-1978: "Transformers Deserialization of Untrusted Data vulnerability."
  • From PYSEC-2026-1986: "Transformers's Improper Input Validation vulnerability can be exploited through username injection."
  • PyPI release notes only version bump to 5.13.1 without explicit fix list.

source data used

Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.