Vulnerabilities in Linked Code

Vulnerability Summary

The model luciolrv/sd-class-butterflies-32 is associated with a code repository https://github.com/huggingface/diffusion-models-class for which 3 CWEs (including 0 high severity vulnerabilities) were identified. The weaknesses and vulnerabilities listed here are for informational purposes about the model supply chain and may not be explicit in the model itself.

The model associated with luciolrv/sd-class-butterflies-32 has been found to have 1 Common Weakness Enumeration (CWE), including 0 high severity vulnerabilities.

The identified weakness is CWE-676: Use of Potentially Dangerous Function. This weakness highlights that the product invokes a potentially dangerous function that could introduce a vulnerability if used incorrectly, but can also be used safely.

For more information, visit CWE-676.

The GitHub repository is linked in the huggingface README.md.

The vulnerabilities were discovered using Semgrep and Bandit.

URL: https://huggingface.co/luciolrv/sd-class-butterflies-32

PURL: pkg:huggingface/luciolrv/sd-class-butterflies-32@b6bd078895fa85dc7641fc0e227e80c769c6395d

SHA: b6bd078895fa85dc7641fc0e227e80c769c6395d

Author: luciolrv

Tags: ['diffusers', 'pytorch', 'unconditional-image-generation', 'diffusion-models-class', 'license:mit', 'diffusers:DDPMPipeline', 'region:us']

Downloads: 5

Likes: 0

GitHub Link: https://github.com/huggingface/diffusion-models-class

Low Severity Weaknesses: 3

Medium Severity Weaknesses: 0

High Severity Weaknesses: 0

Total Weaknesses Identified: 3

Common Weaknesses Enumerations (CWEs) Identified: