Package impact
PyPI / diffusers
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44827 | high | 8.8 | 8.8 | 21d ago | Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trust_remote_code=True safeguard when loading pipelines from Hu… | |||
| CVE-2026-44513 | high | 8.8 | 8.8 | 21d ago | Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trust_remote_code bypass in DiffusionPipeline.from_pretrained allows arbitrary remote code execution despite the user p… | |||
| CVE-2026-45804 | high | — | 8.0 | 15d ago | Diffusers: TOCTOU Trust Remote Code Bypass |