What the vulnerability does
01Description
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.
CVE-2023-7018
CRITICAL
CVE-2023-7018: Deserialization of Untrusted Data in huggingface/transformers
CVSS base score
9.6/10
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Key dates
02Disclosure timeline
December 20, 2023
CVE published
August 2, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-26999 WordPress ProfileGrid Plugin <= 5.9.4.3 - PHP Object Injection vulnerability
CVE-2023-49773 WordPress BCorp Shortcodes Plugin <= 0.23 is vulnerable to PHP Object Injection
CVE-2023-6580 D-Link DIR-846 QoS POST deserialization
CVE-2025-59285 Azure Monitor Agent Elevation of Privilege Vulnerability
CVE-2026-45484 Microsoft SharePoint Elevation of Privilege Vulnerability
