Skip to content

[GHSA-29pf-2h5f-8g72] Enrich CVE-2026-4372 - HuggingFace Transformers RCE#7853

Merged
advisory-database[bot] merged 1 commit into
aaronmaxlevy/advisory-improvement-7853from
aaronmaxlevy-GHSA-29pf-2h5f-8g72
Jul 1, 2026
Merged

[GHSA-29pf-2h5f-8g72] Enrich CVE-2026-4372 - HuggingFace Transformers RCE#7853
advisory-database[bot] merged 1 commit into
aaronmaxlevy/advisory-improvement-7853from
aaronmaxlevy-GHSA-29pf-2h5f-8g72

Conversation

@aaronmaxlevy

Copy link
Copy Markdown

Updates

  • Affected products
  • Summary

Comments
This GHSA is missing an association with the vulnerable package, and as a result isn't being detected by Dependabot.

@github-actions github-actions Bot changed the base branch from main to aaronmaxlevy/advisory-improvement-7853 May 29, 2026 19:36
@aaronmaxlevy aaronmaxlevy changed the title [GHSA-29pf-2h5f-8g72] A critical remote code execution vulnerability exists in... [GHSA-29pf-2h5f-8g72] Enrich CVE-2026-4372 - HuggingFace Transformers RCE Jun 3, 2026
@advisory-database advisory-database Bot merged commit ad203d7 into aaronmaxlevy/advisory-improvement-7853 Jul 1, 2026
4 checks passed
@advisory-database

Copy link
Copy Markdown
Contributor

Hi @aaronmaxlevy! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!

@advisory-database advisory-database Bot deleted the aaronmaxlevy-GHSA-29pf-2h5f-8g72 branch July 1, 2026 18:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant