Found a CVSS 10.0 bypass in Hugging Face's model scanner. We open-sourced ours (www.promptfoo.dev)

🤖 AI Summary
A critical vulnerability (CVSS 10.0) was discovered in Hugging Face's model scanning tools: a bypass of the existing security checks. While working at Promptfoo, the team developed ModelAudit, a static security scanner for ML model files that analyzes over 42 formats without executing the models. It flags unsafe loading behaviors, known Common Vulnerabilities and Exposures (CVEs), and suspicious artifacts. ModelAudit has now been released as an open-source project under the MIT license. Its significance lies in identifying security risks in machine learning models before they are loaded; such models are often treated as inert data when downloaded, yet loading them can execute code. Traditional scanners have missed critical exploits, leaving users exposed when pulling models from public registries like Hugging Face, where many files carry potentially harmful payloads. ModelAudit uses an allowlist approach and runs entirely offline, which greatly reduces false positives. The tool is aimed at AppSec and platform teams that handle model artifacts, closing a gap in securing ML deployments against malicious code execution during model loading.
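A minimal illustration of the static, allowlist-based scanning the summary describes, written for this page and not ModelAudit's own code. It assumes the pickle format used by PyTorch checkpoints (the summary does not name specific formats) and an illustrative allowlist of globals; the samples it scans are constructed here.

```python
import collections
import io
import pickle
import pickletools

# Allowlist of (module, name) globals a plain weights pickle is expected to reference.
# Constructed for this example; a real scanner carries a much longer list per format.
SAFE_GLOBALS = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
    ("torch", "HalfStorage"),
    ("torch", "LongStorage"),
}

# Opcodes that push a str onto the stack; STACK_GLOBAL consumes the last two of them.
STRING_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}

def scan_pickle(data: bytes) -> list[str]:
    """Walk the opcode stream with pickletools.genops; pickle.load() is never called,
    so nothing in the stream runs while it is inspected. Returns a list of findings."""
    findings = []
    recent_strings = []
    for op, arg, pos in pickletools.genops(io.BytesIO(data)):
        if op.name in STRING_OPS:
            recent_strings.append(str(arg))
            continue
        if op.name == "GLOBAL":            # protocols 0-3: "module name" in one opcode
            module, name = arg.split(" ", 1)
        elif op.name == "STACK_GLOBAL":    # protocol 4+: module and name pushed as strings
            if len(recent_strings) < 2:    # operands fetched from the memo are not tracked here
                findings.append(f"offset {pos}: STACK_GLOBAL with unresolved operands")
                continue
            module, name = recent_strings[-2], recent_strings[-1]
        elif op.name in ("INST", "OBJ"):    # legacy instance construction, never expected in weights
            findings.append(f"offset {pos}: legacy {op.name} opcode")
            continue
        else:
            continue
        if (module, name) not in SAFE_GLOBALS:
            findings.append(f"offset {pos}: global {module}.{name} not in allowlist")
    return findings

def constructed_benign_sample() -> bytes:
    """Constructed stand-in for a weights file: an OrderedDict of lists, pickled normally."""
    return pickle.dumps(collections.OrderedDict([("w", [1.0, 2.0])]), protocol=4)

# Constructed suspicious samples: hand-written opcode bytes that reference a global outside
# the allowlist (builtins.getattr, chosen because it is harmless), one per GLOBAL encoding.
SUSPECT_PROTO2 = b"\x80\x02cbuiltins\ngetattr\n."
SUSPECT_PROTO4 = b"\x80\x04\x8c\x08builtins\x8c\x07getattr\x93."
```

Allowlisting globals is only one of the checks a format-aware scanner needs; zip-wrapped checkpoints and non-pickle formats require their own parsers.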