Every CVE whose affected-product data names Huggingface Lerobot, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (1)
CVE-2026-25874 — CVSS 9.8 (critical): LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to…