GHSA-hqmj-h5c6-369m: ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack
highvulnerability
security
Summary
ONNX's onnx.hub.load() function has a security flaw where the silent=True parameter completely disables warnings and user confirmations when loading models from untrusted repositories (sources not officially verified). This means an attacker could trick an application into silently downloading and running malicious models from their own GitHub repository without the user knowing, potentially allowing theft of sensitive files like SSH keys or cloud credentials.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Disclosure Date
March 16, 2026
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
integrityconfidentiality
Taxonomy References
MITRE ATLAS (AI/ML Threat Technique)
Affected Vendors
HuggingFace
Affected Packages
onnx@<= 1.20.1
Related Issues
Original source: https://github.com/advisories/GHSA-hqmj-h5c6-369m
First tracked: March 16, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 92%