17 matches found

Veracode
added 2026/03/07 5:14 a.m. · 5 views

Denial Of Service (DoS)

xgrammar is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of multi-level nested syntax, which can trigger a segmentation fault and crash the application...

CVSS 8.7 · AI score 5.8 · EPSS 0.00421
Exploits: 1 · References: 3 · Affected Software: 1
vulnersOsv
added 2026/03/05 6:20 p.m. · 3 views

ado-vllm-performance (>=1.2.2 <=1.3.3), agentclinic (=0.1.0) +73 more potentially affected by CVE-2026-25048 via xgrammar (>=0.1.11 <=0.1.29)

xgrammar PYPI version =0.1.11, =1.2.2, =0.0.0, =2.3.5, =0.8.4, =0.2.2, =0.2.0, =0.1.0, =1.0.1rc1, =0.0.2, =0.1.1, =0.1.1, =0.0.2, =0.1.0 and more Source cves: CVE-2026-25048 Source advisory: OSV:GHSA-7RGV-GQHR-FXG3...

CVSS 8.7 · AI score 7.6 · EPSS 0.00421
Exploits: 1
Github Security Blog
added 2026/03/05 6:20 p.m. · 7 views

xgrammar vulnerable to DoS via multi-layer nesting

Summary The multi-level nested syntax caused a segmentation fault core dump. Details A trigger stack overflow or memory exhaustion was caused by constructing a malicious grammar rule containing 30,000 layers of nested parentheses. PoC !/usr/bin/env python3 """ XGrammar - Math Expression Generatio...

CVSS 8.7 · AI score 5.9 · EPSS 0.00421
Exploits: 1 · References: 4 · Affected Software: 1
Veracode
added 2025/10/10 5:21 a.m. · 6 views

Denial Of Service (DoS)

xgrammar is vulnerable to Denial Of Service (DoS). The vulnerability is due to a regression in the Earley parser, which causes excessive processing time for valid grammar inputs, allowing an attacker to exploit this inefficiency to trigger denial of service through resource exhaustion...

CVSS 7.5 · AI score 6.5 · EPSS 0.00495
Exploits: 1 · References: 4 · Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-10549

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.5 · EPSS 0.00409
Exploits: 0 · References: 5
Github Security Blog
added 2025/09/05 9:10 p.m. · 11 views

xgrammar vulnerable to denial of service by huge enum grammar

Summary Provided grammar would fit in a context window of most of the models, but takes minutes to process in 0.1.23. In testing with 0.1.16 the parser worked fine so this seems to be a regression caused by Earley parser. Details Full reproducer provided in the POC section. The resulting grammar...

CVSS 7.5 · AI score 6.9 · EPSS 0.00495
Exploits: 1 · References: 4 · Affected Software: 1
vulnersOsv
added 2025/08/25 9:42 p.m. · 14 views

ai-dynamo-vllm (>=0.8.4 <=0.8.4.post4), arbor-ai (>=0.2.2 <=0.2.4) +36 more potentially affected by CVE-2025-57809 via xgrammar (>=0.1.11 <=0.1.19)

xgrammar PYPI version =0.1.11, =0.8.4, =0.2.2, =0.0.2, =0.1.1, =0.1.1, =0.0.2, =1.1.4, =0.1.1, =0.2.0a1, =0.1.2, =0.2.2 - lightrft =0.1.0 - llama-index-postprocessor-rankllm-rerank =0.6.2 and more Source cves: CVE-2025-57809 Source advisory: SNYK:PYTHON-XGRAMMAR-12201487...

CVSS 8.7 · AI score 5.4 · EPSS 0.00436
Exploits: 1
vulnersOsv
added 2025/08/25 8:43 p.m. · 81 views

ai-dynamo-vllm (>=0.8.4 <=0.8.4.post4), arbor-ai (>=0.2.2 <=0.2.4) +36 more potentially affected by CVE-2025-57809 via xgrammar (>=0.1.11 <=0.1.19)

xgrammar PYPI version =0.1.11, =0.8.4, =0.2.2, =0.0.2, =0.1.1, =0.1.1, =0.0.2, =1.1.4, =0.1.1, =0.2.0a1, =0.1.2, =0.2.2 - lightrft =0.1.0 - llama-index-postprocessor-rankllm-rerank =0.6.2 and more Source cves: CVE-2025-57809 Source advisory: OSV:GHSA-5CMR-4PX5-23PC...

CVSS 8.7 · AI score 5.4 · EPSS 0.00436
Exploits: 1
Veracode
added 2025/04/18 6:6 a.m. · 5 views

Denial Of Service (DoS)

XGrammar is vulnerable to Denial Of Service (DoS). The vulnerability is due to unbounded in-memory caching of compiled grammars, which allows an attacker to exhaust system memory...

CVSS 6.5 · AI score 6.6 · EPSS 0.00409
Exploits: 0 · References: 5 · Affected Software: 1
OSV
added 2025/04/15 9:21 p.m. · 3 views

GHSA-HF3C-WXG2-49Q9 vLLM vulnerable to Denial of Service by abusing xgrammar cache

Impact This report is to highlight a vulnerability in XGrammar, a library used by the structured output feature in vLLM. The XGrammar advisory is here: https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-389x-67px-mjg3 The xgrammar library is the default backend used by vLLM to support...

CVSS 6.5 · AI score 5.9
Exploits: 0 · References: 5
RedhatCVE
added 2025/04/09 11:30 p.m. · 11 views

CVE-2025-32381

A flaw was found in Xgrammar. This vulnerability allows a denial of service (DoS) via unbounded memory usage when handling a large number of unique grammar inputs from untrusted sources. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the...

CVSS 6.5 · AI score 6.6 · EPSS 0.00409
Exploits: 0 · References: 6
vulnersOsv
added 2025/04/09 4:15 p.m. · 4 views

dev-laiser (>=0.0.2 <=0.2.17), dillema (>=0.1.1 <=0.1.6) +15 more potentially affected by CVE-2025-32381 via xgrammar (>=0.1.11 <=0.1.17)

xgrammar PYPI version =0.1.11, =0.0.2, =0.1.1, =0.1.1, =0.0.2, =0.0.7, =1.2.0, =0.1.20, =0.0.2, =0.1.2, =1.2.0, =0.1.0, =0.1.2 and more Source cves: CVE-2025-32381 Source advisory: OSV:PYSEC-2025-235...

CVSS 6.5 · AI score 6.5 · EPSS 0.00409
Exploits: 0
Vulnrichment
added 2025/04/09 4:0 p.m. · 5 views

CVE-2025-32381 Denial of Service by abusing xgrammar unbounded cache in memory

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to 0.1.18, Xgrammar includes a cache for compiled grammars to increase performance with repeated use of the same grammar. This cache is held in memory. Since the cache is unbounded, a system maki...

CVSS 6.5 · AI score 6.7 · EPSS 0.00409
Exploits: 0 · References: 3
CVE
added 2025/04/09 4:0 p.m. · 216 views

CVE-2025-32381

XGrammar (open-source library for structured generation) has a DoS in-memory cache vulnerability. Before version 0.1.18, an unbounded in-memory cache of compiled grammars can be filled by many unique inputs (e.g., numerous JSON schemas), exhausting host memory and causing denial of service. The i...

CVSS 6.5 · AI score 6.3 · EPSS 0.00409
Exploits: 0 · References: 3 · Affected Software: 1
Cvelist
added 2025/04/09 4:0 p.m. · 10 views

CVE-2025-32381 Denial of Service by abusing xgrammar unbounded cache in memory

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to 0.1.18, Xgrammar includes a cache for compiled grammars to increase performance with repeated use of the same grammar. This cache is held in memory. Since the cache is unbounded, a system maki...

CVSS 6.5 · EPSS 0.00409
Exploits: 0 · References: 3
vulnersOsv
added 2025/04/09 1:8 p.m. · 5 views

dev-laiser (>=0.0.2 <=0.2.17), dillema (>=0.1.1 <=0.1.6) +15 more potentially affected by CVE-2025-32381 via xgrammar (>=0.1.11 <=0.1.17)

xgrammar PYPI version =0.1.11, =0.0.2, =0.1.1, =0.1.1, =0.0.2, =0.0.7, =1.2.0, =0.1.20, =0.0.2, =0.1.2, =1.2.0, =0.1.0, =0.1.2 and more Source cves: CVE-2025-32381 Source advisory: OSV:GHSA-389X-67PX-MJG3...

CVSS 6.5 · AI score 6.5 · EPSS 0.00409
Exploits: 0
Positive Technologies
added 2025/04/09 12:0 a.m. · 2 views

PT-2025-15757 · Xgrammar · Xgrammar

Name of the Vulnerable Software and Affected Versions: XGrammar versions prior to 0.1.18 Description: The issue concerns an unbounded cache for compiled grammars in memory, which can be exploited to cause a denial of service by filling up a host's memory. This can occur when a system using XGramm...

CVSS 6.5 · AI score 6.3 · EPSS 0.00409
Exploits: 0 · References: 8