🤖 AI Summary
Recent security vulnerabilities have been discovered in three popular Python libraries (NeMo, Uni2TS, and FlexTok) that are widely used in Hugging Face models. These vulnerabilities allow remote code execution (RCE) through poisoned metadata: malicious code can be embedded in the configuration metadata of a model file and is executed automatically when the model is loaded. The issues stem from the libraries' use of hydra.utils.instantiate() on model metadata that was not properly sanitized; because instantiate() imports and calls whatever callable the metadata names, passing it untrusted metadata left a significant attack surface open for exploitation.
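The defensive check the summary implies is an allowlist on the callable targets a config may name before anything is handed to hydra.utils.instantiate(). The example below is added here and is not code from the original article, from Unit 42, or from the NeMo, Uni2TS or FlexTok projects; it walks a parsed config (a plain dict, as you would get from YAML or JSON) and reports every `_target_` entry that does not start with an allowed prefix. The allowed prefixes and the sample config are constructed for illustration; the `untrusted.package.Loader` target is a hypothetical name, not a real module.

```python
from typing import Any, Iterable, Iterator

# Hydra's instantiate() looks for this key and imports/calls the dotted path it names.
TARGET_KEY = "_target_"


def iter_targets(node: Any, path: str = "") -> Iterator[tuple[str, Any]]:
    """Yield (config path, target value) for every _target_ key, recursing into
    nested dicts and lists so deeply buried entries are not missed."""
    if isinstance(node, dict):
        for key, value in node.items():
            sub = f"{path}.{key}" if path else str(key)
            if key == TARGET_KEY:
                yield sub, value
            else:
                yield from iter_targets(value, sub)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from iter_targets(value, f"{path}[{index}]")


def validate_targets(config: Any, allowed_prefixes: Iterable[str]) -> list[tuple[str, Any]]:
    """Return the list of (path, target) pairs that are not strings starting with one
    of the allowed dotted prefixes. An empty list means the config is safe to pass
    to instantiate() under this policy."""
    prefixes = tuple(allowed_prefixes)
    violations = []
    for path, target in iter_targets(config):
        # Non-string targets are rejected outright; they would fail or be coerced later.
        if not isinstance(target, str) or not target.startswith(prefixes):
            violations.append((path, target))
    return violations


# Constructed sample: a model config with one legitimate nested target and one
# that points outside the allowed namespaces (hypothetical name).
SAMPLE_CONFIG = {
    "model": {
        TARGET_KEY: "nemo.collections.asr.models.EncDecCTCModel",
        "encoder": {TARGET_KEY: "torch.nn.Conv1d", "in_channels": 80},
        "callbacks": [
            {TARGET_KEY: "untrusted.package.Loader", "arg": "anything"},
        ],
    },
}

# Policy: only callables from the framework and the model library itself.
ALLOWED_PREFIXES = ("nemo.", "torch.nn.")


def check_sample() -> list[tuple[str, Any]]:
    """Run the validator over the constructed sample; returns the violations found."""
    return validate_targets(SAMPLE_CONFIG, ALLOWED_PREFIXES)


if __name__ == "__main__":
    bad = check_sample()
    if bad:
        for path, target in bad:
            print(f"REJECT {path}: {target!r} is not in the allowed namespaces")
    else:
        print("config passes target allowlist")
```

In a loader, run validate_targets() on the parsed config first and refuse to call instantiate() if it returns anything; a prefix allowlist is deliberately coarse so that a new legitimate module fails closed rather than a malicious one slipping through.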
This revelation is crucial for the AI/ML community, especially given that library integrations significantly impact model safety and reliability. Hugging Face hosts over 100 Python libraries, nearly 50 of which use the vulnerable Hydra library. The vulnerabilities were identified by Palo Alto Networks' Unit 42, prompting swift action from the libraries' maintainers who have issued fixes and security advisories. While no evidence of in-the-wild attacks has been reported, the potential for harm underscores the importance of rigorous security practices in AI/ML development, particularly as more developers utilize and modify existing models without sufficient oversight.