Skip to main content

Transformers CVE-2023-2800

MEDIUM
Insecure Temporary File (CWE-377)
2023-05-18 security@huntr.dev
4.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.7 MEDIUM
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
May 18, 2023 - 17:15 nvd
MEDIUM 4.7

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 12 pypi packages depend on transformers (12 direct, 0 indirect)

Ecosystem-wide dependent count for version 4.30.0.

DescriptionNVD

Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0.

AnalysisAI

Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0. Rated medium severity (CVSS 4.7). Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-377. Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0. Affected products include: Huggingface Transformers. Version information: prior to 4.30.0..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-3568 CRITICAL POC
9.6 Apr 10

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data

CVE-2023-6730 HIGH POC
8.8 Dec 19

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. Rated high severity (CVSS

CVE-2023-7018 HIGH POC
7.8 Dec 20

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. Rated high severity (CVSS

CVE-2025-3262 HIGH POC
7.5 Jul 07

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository,

CVE-2025-1194 MEDIUM POC
6.5 Apr 29

A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, spe

CVE-2026-5241 CRITICAL
9.6 Jun 03

Remote code execution in Hugging Face Transformers 5.2.0 allows a malicious model repository to bypass the user's explic

CVE-2025-3264 MEDIUM POC
5.3 Jul 07

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, sp

CVE-2025-3263 MEDIUM POC
5.3 Jul 07

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, sp

CVE-2025-6051 MEDIUM POC
5.3 Sep 14

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, sp

CVE-2025-3933 MEDIUM POC
5.3 Jul 11

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, sp

CVE-2024-11394 HIGH
8.8 Nov 22

Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. Rated high s

CVE-2024-11393 HIGH
8.8 Nov 22

Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. Rated

Share

CVE-2023-2800 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy