Vulnerabilities in Linked Code
Vulnerability Info
Description
Vulnerability Summary
The model luciolrv/sd-class-butterflies-32 is associated with a code repository https://github.com/huggingface/diffusion-models-class for which 3 CWEs (including 0 high severity vulnerabilities) were identified. The weaknesses and vulnerabilities listed here are for informational purposes about the model supply chain and may not be explicit in the model itself.
The model associated with luciolrv/sd-class-butterflies-32 has been found to have 1 Common Weakness Enumeration (CWE), including 0 high severity vulnerabilities.
The identified weakness is CWE-676: Use of Potentially Dangerous Function. This weakness highlights that the product invokes a potentially dangerous function that could introduce a vulnerability if used incorrectly, but can also be used safely.
For more information, visit CWE-676.
The GitHub repository is linked in the huggingface README.md.
The vulnerabilities were discovered using Semgrep and Bandit.
URL: https://huggingface.co/luciolrv/sd-class-butterflies-32
PURL: pkg:huggingface/luciolrv/sd-class-butterflies-32@b6bd078895fa85dc7641fc0e227e80c769c6395d
SHA: b6bd078895fa85dc7641fc0e227e80c769c6395d
Author: luciolrv
Tags: ['diffusers', 'pytorch', 'unconditional-image-generation', 'diffusion-models-class', 'license:mit', 'diffusers:DDPMPipeline', 'region:us']
Downloads: 5
Likes: 0
GitHub Link: https://github.com/huggingface/diffusion-models-class
Low Severity Weaknesses: 3
Medium Severity Weaknesses: 0
High Severity Weaknesses: 0
Total Weaknesses Identified: 3
Common Weaknesses Enumerations (CWEs) Identified:
| CWE | Description | URL |
|---|---|---|
| CWE - 676 : Use of Potentially Dangerous Function | The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely. | 676 |