Hugging Face

Security Scorecard

Score

90B

Total CVEs

6

Patch Rate

83%

5 patched

Avg Response

-

days to patch

Critical Gaps

0

exploitable, no detection

Severity Breakdown

Critical0

High5

Medium1

Low0

Patch Status

Patched5 (83%)

Partial/Workaround0 (0%)

Unpatched1 (17%)

CVEs (11)

CVE ID	Title	Severity	Score	Days	Patch
CVE-2025-14929	X-CLIP Checkpoint Conversion Vulnerability	High	7.8	29d	Unpatched
CVE-2025-14928	HuBERT Code Injection Vulnerability	High	7.8	-	Patched
CVE-2025-14920	Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability	High	7.8	-	Patched
CVE-2025-14921	Transformer-XL Model Deserialization Vulnerability	High	7.8	-	Patched
CVE-2025-14930	Hugging Face Transformers GLM4 Remote Code Execution Vulnerability	High	7.8	-	Patched
CVE-2025-11844	-	Medium	5.4	-	Patched
CVE-2025-14924	-	N/A	-	0d	Unpatched
CVE-2025-14925	-	N/A	-	0d	Unpatched
CVE-2025-14926	-	N/A	-	0d	Unpatched
CVE-2025-14927	-	N/A	-	0d	Unpatched