41 matches found

Fedora
added 2026/03/29 12:51 a.m. | 3 views

[SECURITY] Fedora 43 Update: python-ply-3.11-33.fc43

PLY is a straightforward lex/yacc implementation. Here is a list of its essential features: It is implemented entirely in Python. It uses LR-parsing which is reasonably efficient and well suited for larger grammars. PLY provides most of the standard lex/yacc features including support for empty...

CVSS 9.8 | AI score 7.3 | EPSS 0.00846
Exploits: 3

Fedora
added 2026/03/29 12:18 a.m. | 3 views

[SECURITY] Fedora 44 Update: python-ply-3.11-33.fc44

PLY is a straightforward lex/yacc implementation. Here is a list of its essential features: It is implemented entirely in Python. It uses LR-parsing which is reasonably efficient and well suited for larger grammars. PLY provides most of the standard lex/yacc features including support for empty...

CVSS 9.8 | AI score 7.3 | EPSS 0.00846
Exploits: 3

RedhatCVE
added 2026/01/09 10:57 a.m. | 3 views

CVE-2022-38884

The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

CVSS 9.8 | AI score 6.9 | EPSS 0.00796
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-27083

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.3 | EPSS 0.00154
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-0377

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.2 | EPSS 0.00532
Exploits: 0 | References: 3

Veracode
added 2025/09/19 3:3 p.m. | 2 views

Improper Input Validation

xgrammar is vulnerable to improper input validation. The vulnerability is due to the lack of validation on user-supplied grammars, which allows an attacker to easily trigger the flaw and potentially exploit affected tools that pass untrusted grammars to xgrammar...

CVSS 8.7 | AI score 7 | EPSS 0.00048
Exploits: 1 | References: 5 | Affected Software: 1

RedhatCVE
added 2025/09/08 7:14 p.m. | 5 views

CVE-2025-58446

xgrammar is an open-source library for efficient, flexible, and portable structured generation. A grammar optimizer introduced in 0.1.23 processes large grammars (>100k characters) at very low rates, and can be used for DOS of model providers. This issue is fixed in version 0.1.24. Mitigation Upgrad...

CVSS 7.5 | AI score 6.5 | EPSS 0.00154
Exploits: 1 | References: 5

NVD
added 2025/09/06 7:15 p.m. | 3 views

CVE-2025-58446

xgrammar is an open-source library for efficient, flexible, and portable structured generation. A grammar optimizer introduced in 0.1.23 processes large grammars (>100k characters) at very low rates, and can be used for DOS of model providers. This issue is fixed in version 0.1.24...

CVSS 7.5 | EPSS 0.00154
Exploits: 1 | References: 2

OSV
added 2025/09/06 7:6 p.m. | 2 views

CVE-2025-58446 xgrammar vulnerable to denial of service by huge enum grammar

xgrammar is an open-source library for efficient, flexible, and portable structured generation. A grammar optimizer introduced in 0.1.23 processes large grammars (>100k characters) at very low rates, and can be used for DOS of model providers. This issue is fixed in version 0.1.24...

CVSS 6.9 | AI score 6.5 | EPSS 0.00154
Exploits: 1 | References: 4

Vulnrichment
added 2025/09/06 7:6 p.m. | 1 view

CVE-2025-58446 xgrammar vulnerable to denial of service by huge enum grammar

xgrammar is an open-source library for efficient, flexible, and portable structured generation. A grammar optimizer introduced in 0.1.23 processes large grammars (>100k characters) at very low rates, and can be used for DOS of model providers. This issue is fixed in version 0.1.24...

CVSS 6.9 | AI score 6.3 | EPSS 0.00154
Exploits: 1 | References: 2

CVE
added 2025/09/06 7:6 p.m. | 20 views

CVE-2025-58446

The CVE-2025-58446 entry concerns xgrammar, an open-source library for structured generation. The root cause is a grammar optimizer introduced in 0.1.23 that processes very large grammars (>100k characters) with very low throughput, enabling denial-of-service against model providers. A fix is ...

CVSS 7.5 | AI score 6.3 | EPSS 0.00154
Exploits: 1 | References: 2 | Affected Software: 1

Positive Technologies
added 2025/09/05 12:0 a.m. | 1 view

PT-2025-36398

Name of the Vulnerable Software and Affected Versions: xgrammar versions 0.1.23. Description: xgrammar is an open-source library for efficient, flexible, and portable structured generation. A grammar optimizer introduced in version 0.1.23 can be exploited to cause a denial-of-service (DOS) attack on...

CVSS 6.9 | AI score 6.3 | EPSS 0.00154
Exploits: 1 | References: 8

GitHub Security Blog
added 2025/08/25 8:43 p.m. | 2 views

XGrammar affected by Denial of Service by infinite recursion grammars

Summary: This issue: http://github.com/mlc-ai/xgrammar/issues/250 should have its own security advisory. Since several tools accept and pass user-supplied grammars to xgrammar, and it is so easy to trigger, it seems like a High...

CVSS 8.7 | AI score 6.5 | EPSS 0.00048
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2025/08/25 8:43 p.m. | 2 views

GHSA-5CMR-4PX5-23PC XGrammar affected by Denial of Service by infinite recursion grammars

Summary: This issue: http://github.com/mlc-ai/xgrammar/issues/250 should have its own security advisory. Since several tools accept and pass user-supplied grammars to xgrammar, and it is so easy to trigger, it seems like a High...

CVSS 8.7 | AI score 7.2 | EPSS 0.00048
Exploits: 1 | References: 5

OSV
added 2025/04/09 4:15 p.m. | 0 views

PYSEC-2025-235

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to 0.1.18, Xgrammar includes a cache for compiled grammars to increase performance with repeated use of the same grammar. This cache is held in memory. Since the cache is unbounded, a system maki...

CVSS 6.5 | AI score 5.8 | EPSS 0.00354
Exploits: 0 | References: 3

PyPA
added 2025/04/09 4:15 p.m. | 8 views

PYSEC-2025-235

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to 0.1.18, Xgrammar includes a cache for compiled grammars to increase performance with repeated use of the same grammar. This cache is held in memory. Since the cache is unbounded, a system maki...

CVSS 6.5 | AI score 6.5 | EPSS 0.00354
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2025/04/09 1:8 p.m. | 1 view

GHSA-389X-67PX-MJG3 xgrammar Vulnerable to Denial of Service (DoS) by abusing unbounded cache in memory

Summary: Xgrammar includes a cache for compiled grammars to increase performance with repeated use of the same grammar. This cache is held in memory. Since the cache is unbounded, a system making use of xgrammar can be abused to fill up a host's memory and cause a denial of service. For example,...

CVSS 6.5 | AI score 5.8 | EPSS 0.00354
Exploits: 0 | References: 5

OSV
added 2022/11/07 3:15 p.m. | 0 views

CVE-2022-44049

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is 0.1.0...

CVSS 9.8 | AI score 6.2 | EPSS 0.00532
Exploits: 0 | References: 3

NVD
added 2022/11/07 3:15 p.m. | 11 views

CVE-2022-44049

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is 0.1.0...

CVSS 9.8 | EPSS 0.00532
Exploits: 0 | References: 3

Snyk
added 2022/11/07 3:15 p.m. | 1 view

Malicious Package

Overview: democritus-grammars is a malicious package. This package is used for dependency confusion attempts and contains malicious code. The package now exists as a placeholder on PyPI. Remediation: Avoid using all malicious instances of the democritus-grammars package. References: - GitHub Issue...

CVSS 9.8 | AI score 6.9
Exploits: 0 | References: 2