Tag

#deserialization

3 posts tagged deserialization.

Vulnerability Tracking

Hugging Face Transformers & Hub: Supply-Chain Risks and Real Advisories

The Hugging Face ecosystem is the npm of machine learning — and it carries the same supply-chain exposure. A tour of verified Transformers CVEs and what they reveal about trusting models, configs, and the tooling meant to protect you.
May 22, 2026
Vulnerability Tracking

PyTorch Security: Notable CVEs and How to Harden Your Loading Path

PyTorch's most consequential CVEs cluster around one thing — loading a model file that runs code. A walk through the verified entries, what each actually requires to exploit, and the hardening that holds.
May 22, 2026
Vulnerability Tracking

Unsafe Model Deserialization: The Pickle Problem Behind ML CVEs

Loading a model file can execute arbitrary code. This is the single most repeated vulnerability class in the ML supply chain — the real CVEs, why the fixes keep arriving late, and what actually mitigates it.
May 8, 2026