Instructions to use exploitintel/cve-cwe-qwen3-32b with libraries, inference providers, notebooks, and local apps. Follow these links to get started.

Libraries

How to use exploitintel/cve-cwe-qwen3-32b with Transformers:

# Use a pipeline as a high-level helper
from transformers import pipeline

pipe = pipeline("text-generation", model="exploitintel/cve-cwe-qwen3-32b")
messages = [
    {"role": "user", "content": "Who are you?"},
]
pipe(messages)

# Load model directly
from transformers import AutoTokenizer, AutoModelForCausalLM

tokenizer = AutoTokenizer.from_pretrained("exploitintel/cve-cwe-qwen3-32b")
model = AutoModelForCausalLM.from_pretrained("exploitintel/cve-cwe-qwen3-32b")
messages = [
    {"role": "user", "content": "Who are you?"},
]
inputs = tokenizer.apply_chat_template(
	messages,
	add_generation_prompt=True,
	tokenize=True,
	return_dict=True,
	return_tensors="pt",
).to(model.device)

outputs = model.generate(**inputs, max_new_tokens=40)
print(tokenizer.decode(outputs[0][inputs["input_ids"].shape[-1]:]))

llama-cpp-python

How to use exploitintel/cve-cwe-qwen3-32b with llama-cpp-python:

# !pip install llama-cpp-python

from llama_cpp import Llama

llm = Llama.from_pretrained(
	repo_id="exploitintel/cve-cwe-qwen3-32b",
	filename="q32-Q4_K_M.gguf",
)

llm.create_chat_completion(
	messages = [
		{
			"role": "user",
			"content": "What is the capital of France?"
		}
	]
)

Inference
Notebooks
Google Colab
Kaggle
Local Apps

llama.cpp

How to use exploitintel/cve-cwe-qwen3-32b with llama.cpp:

Install from brew

brew install llama.cpp
# Start a local OpenAI-compatible server with a web UI:
llama-server -hf exploitintel/cve-cwe-qwen3-32b:Q4_K_M
# Run inference directly in the terminal:
llama-cli -hf exploitintel/cve-cwe-qwen3-32b:Q4_K_M

Install from WinGet (Windows)

winget install llama.cpp
# Start a local OpenAI-compatible server with a web UI:
llama-server -hf exploitintel/cve-cwe-qwen3-32b:Q4_K_M
# Run inference directly in the terminal:
llama-cli -hf exploitintel/cve-cwe-qwen3-32b:Q4_K_M

Use pre-built binary

# Download pre-built binary from:
# https://github.com/ggerganov/llama.cpp/releases
# Start a local OpenAI-compatible server with a web UI:
./llama-server -hf exploitintel/cve-cwe-qwen3-32b:Q4_K_M
# Run inference directly in the terminal:
./llama-cli -hf exploitintel/cve-cwe-qwen3-32b:Q4_K_M

Build from source code

git clone https://github.com/ggerganov/llama.cpp.git
cd llama.cpp
cmake -B build
cmake --build build -j --target llama-server llama-cli
# Start a local OpenAI-compatible server with a web UI:
./build/bin/llama-server -hf exploitintel/cve-cwe-qwen3-32b:Q4_K_M
# Run inference directly in the terminal:
./build/bin/llama-cli -hf exploitintel/cve-cwe-qwen3-32b:Q4_K_M

Use Docker

docker model run hf.co/exploitintel/cve-cwe-qwen3-32b:Q4_K_M

LM Studio
Jan

vLLM

How to use exploitintel/cve-cwe-qwen3-32b with vLLM:

Install from pip and serve model

# Install vLLM from pip:
pip install vllm
# Start the vLLM server:
vllm serve "exploitintel/cve-cwe-qwen3-32b"
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:8000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "exploitintel/cve-cwe-qwen3-32b",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Use Docker

docker model run hf.co/exploitintel/cve-cwe-qwen3-32b:Q4_K_M

SGLang

How to use exploitintel/cve-cwe-qwen3-32b with SGLang:

Install from pip and serve model

# Install SGLang from pip:
pip install sglang
# Start the SGLang server:
python3 -m sglang.launch_server \
    --model-path "exploitintel/cve-cwe-qwen3-32b" \
    --host 0.0.0.0 \
    --port 30000
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:30000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "exploitintel/cve-cwe-qwen3-32b",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Use Docker images

docker run --gpus all \
    --shm-size 32g \
    -p 30000:30000 \
    -v ~/.cache/huggingface:/root/.cache/huggingface \
    --env "HF_TOKEN=<secret>" \
    --ipc=host \
    lmsysorg/sglang:latest \
    python3 -m sglang.launch_server \
        --model-path "exploitintel/cve-cwe-qwen3-32b" \
        --host 0.0.0.0 \
        --port 30000
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:30000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "exploitintel/cve-cwe-qwen3-32b",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Ollama
How to use exploitintel/cve-cwe-qwen3-32b with Ollama:
```
ollama run hf.co/exploitintel/cve-cwe-qwen3-32b:Q4_K_M
```

Unsloth Studio

How to use exploitintel/cve-cwe-qwen3-32b with Unsloth Studio:

Install Unsloth Studio (macOS, Linux, WSL)

curl -fsSL https://unsloth.ai/install.sh | sh
# Run unsloth studio
unsloth studio -H 0.0.0.0 -p 8888
# Then open http://localhost:8888 in your browser
# Search for exploitintel/cve-cwe-qwen3-32b to start chatting

Install Unsloth Studio (Windows)

irm https://unsloth.ai/install.ps1 | iex
# Run unsloth studio
unsloth studio -H 0.0.0.0 -p 8888
# Then open http://localhost:8888 in your browser
# Search for exploitintel/cve-cwe-qwen3-32b to start chatting

Using HuggingFace Spaces for Unsloth

# No setup required
# Open https://huggingface.co/spaces/unsloth/studio in your browser
# Search for exploitintel/cve-cwe-qwen3-32b to start chatting

How to use exploitintel/cve-cwe-qwen3-32b with Pi:

Start the llama.cpp server

# Install llama.cpp:
brew install llama.cpp
# Start a local OpenAI-compatible server:
llama-server -hf exploitintel/cve-cwe-qwen3-32b:Q4_K_M

Configure the model in Pi

# Install Pi:
npm install -g @mariozechner/pi-coding-agent
# Add to ~/.pi/agent/models.json:
{
  "providers": {
    "llama-cpp": {
      "baseUrl": "http://localhost:8080/v1",
      "api": "openai-completions",
      "apiKey": "none",
      "models": [
        {
          "id": "exploitintel/cve-cwe-qwen3-32b:Q4_K_M"
        }
      ]
    }
  }
}

Run Pi

# Start Pi in your project directory:
pi

Hermes Agent new

How to use exploitintel/cve-cwe-qwen3-32b with Hermes Agent:

Start the llama.cpp server

# Install llama.cpp:
brew install llama.cpp
# Start a local OpenAI-compatible server:
llama-server -hf exploitintel/cve-cwe-qwen3-32b:Q4_K_M

Configure Hermes

# Install Hermes:
curl -fsSL https://hermes-agent.nousresearch.com/install.sh | bash
hermes setup
# Point Hermes at the local server:
hermes config set model.provider custom
hermes config set model.base_url http://127.0.0.1:8080/v1
hermes config set model.default exploitintel/cve-cwe-qwen3-32b:Q4_K_M

Run Hermes

hermes

Docker Model Runner
How to use exploitintel/cve-cwe-qwen3-32b with Docker Model Runner:
```
docker model run hf.co/exploitintel/cve-cwe-qwen3-32b:Q4_K_M
```

Lemonade

How to use exploitintel/cve-cwe-qwen3-32b with Lemonade:

Pull the model

# Download Lemonade from https://lemonade-server.ai/
lemonade pull exploitintel/cve-cwe-qwen3-32b:Q4_K_M

Run and chat with the model

lemonade run user.cve-cwe-qwen3-32b-Q4_K_M

List all available models

lemonade list

CVE → CWE Classifier (Qwen3-32B)

A QLoRA fine-tune of Qwen3-32B that maps a free-text CVE description to the CWE weakness ID(s) it corresponds to. The LoRA adapter is merged into the base and released in 16-bit, so it loads directly with transformers. A smaller/faster variant is available at exploitintel/cve-cwe-qwen3-8b.

Trained only on labels where NVD and the CNA agree after roll-up to CWE View-1003 — see the cve-cwe-consensus dataset.

Results (held-out test split, 6,802 rows)

Metric	This model (32B)	8B variant
Exact-match	0.707	0.676
Micro-F1	0.729	0.702
Macro-F1	0.595	0.511

By difficulty (does the description name the weakness, or must it be inferred?):

Stratum	n	Exact-match	Micro-F1
Easy (weakness named)	2,046	0.871	0.893
Hard (must infer)	4,756	0.636	0.657

Both models are scored identically; the 32B's gains are largest on macro-F1 (rare/long-tail CWEs) and the hard inference split.

Reading the numbers:

Macro-F1 is over the union of gold and predicted labels (118 = 117 gold + ~1 the model predicted outside the gold set), so 0.595 is a conservative figure. The low out-of-label count also means the model rarely hallucinates non-existent CWEs.
Exact-match has an inherent ceiling of ~98.3%: ~1.74% of the test set (273 groups / 1,205 rows) are identical descriptions mapped to different CWEs (e.g. a bare "Windows Kernel Elevation of Privilege Vulnerability"), which a description-only model cannot disambiguate.
Scores are on the capped/balanced test split (~30% "easy" rows), so they are not directly comparable to metrics measured on a different (e.g. natural-distribution) split.

Usage

import torch
from transformers import AutoModelForCausalLM, AutoTokenizer

mid = "exploitintel/cve-cwe-qwen3-32b"
tok = AutoTokenizer.from_pretrained(mid)
model = AutoModelForCausalLM.from_pretrained(mid, torch_dtype="auto", device_map="auto")

messages = [
    {"role": "system", "content": "You are a vulnerability analyst. Given a CVE description, "
                                   "reply with only the CWE ID(s) it maps to, comma-separated."},
    {"role": "user", "content": "A SQL injection vulnerability in the login endpoint allows an "
                                "unauthenticated attacker to execute arbitrary SQL via the username parameter."},
]
inputs = tok.apply_chat_template(messages, add_generation_prompt=True, return_tensors="pt").to(model.device)
out = model.generate(inputs, max_new_tokens=32, do_sample=False)
print(tok.decode(out[0][inputs.shape[-1]:], skip_special_tokens=True))
# -> CWE-89

GGUF / Ollama

A Q4_K_M GGUF (~20 GB) is included in this repo for local runners — needs ~24 GB VRAM:

ollama run hf.co/exploitintel/cve-cwe-qwen3-32b:Q4_K_M

Set the same system prompt (/set system You are a vulnerability analyst...) so it returns bare CWE IDs.

Note: This Ollama command has not been verified end-to-end. This is a standard qwen3 model so the embedded template should apply normally — but if ollama run ignores the system prompt and produces rambling text instead of a bare CWE ID, supply an explicit ChatML Modelfile TEMPLATE as shown in the Qwen3.5-4B card.

Training

Base: Qwen/Qwen3-32B (trained 4-bit via unsloth/Qwen3-32B-unsloth-bnb-4bit)
Method: QLoRA (4-bit) with Unsloth, merged to 16-bit · released checkpoint: checkpoint-960 (final; eval loss declined monotonically through training)
Dataset: exploitintel/cve-cwe-consensus — 69,386 rows (55,810 / 6,774 / 6,802), majority CWEs capped at 2,500
Settings: 2 epochs · context 512 · LR 2e-4 · AdamW 8-bit · linear schedule · packing on · train-on-completions-only off · seed 3407
LoRA fine-tune, rank 16 (confirmed); adapter merged into the base. Exact LoRA alpha, batch size, and weight decay were not logged to the repo.

Prompt format

ChatML (Qwen3 standard). Fixed system prompt; the description is the only user input.

system: You are a vulnerability analyst. Given a CVE description, reply with only the CWE ID(s) it maps to, comma-separated.
user: the CVE description
assistant: CWE-79, CWE-80

Limitations

CWEs below the dataset's 50-example floor are not in the label space and won't be predicted.
Outputs CWE IDs as text; validate against the official CWE list.
English-only; descriptions only (no code, CVSS, or references).
A triage/assist aid, not an authoritative CWE assignment — human-review before acting.

License

Apache-2.0 (inherited from Qwen3-32B). Dataset derives from public upstreams (NVD, MITRE CVE/CWE).

Downloads last month: 96

Safetensors

Model size

33B params

Tensor type

BF16

Model tree for exploitintel/cve-cwe-qwen3-32b

Base model

Qwen/Qwen3-32B

Quantized

(157)

this model

exploitintel
/

cve-cwe-qwen3-32b