42 matches found

Fedora
added 2026/03/29 12:51 a.m., 8 views

[SECURITY] Fedora 43 Update: python-ply-3.11-33.fc43

PLY is a straightforward lex/yacc implementation. Here is a list of its essential features: It is implemented entirely in Python. It uses LR-parsing which is reasonably efficient and well suited for larger grammars. PLY provides most of the standard lex/yacc features including support for empty...

CVSS 9.8, AI score 7.3, EPSS 0.16903
Exploits: 3

Fedora
added 2026/03/29 12:18 a.m., 5 views

[SECURITY] Fedora 44 Update: python-ply-3.11-33.fc44

PLY is a straightforward lex/yacc implementation. Here is a list of its essential features: It is implemented entirely in Python. It uses LR-parsing which is reasonably efficient and well suited for larger grammars. PLY provides most of the standard lex/yacc features including support for empty...

CVSS 9.8, AI score 7.3, EPSS 0.16903
Exploits: 3

RedhatCVE
added 2026/01/09 10:57 a.m., 4 views

CVE-2022-38884

The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

CVSS 9.8, AI score 6.9, EPSS 0.01238
Exploits: 1, References: 1

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-27083

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.3, EPSS 0.00495
Exploits: 1, References: 2

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-0377

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.2, EPSS 0.01012
Exploits: 0, References: 3

Veracode
added 2025/09/19 3:3 p.m., 5 views

Improper Input Validation

xgrammar is vulnerable to improper input validation. The vulnerability is due to the lack of validation on user-supplied grammars, which allows an attacker to easily trigger the flaw and potentially exploit affected tools that pass untrusted grammars to xgrammar...

CVSS 8.7, AI score 7, EPSS 0.00436
Exploits: 1, References: 5, Affected Software: 1

RedhatCVE
added 2025/09/08 7:14 p.m., 11 views

CVE-2025-58446

xgrammar is an open-source library for efficient, flexible, and portable structured generation. A grammar optimizer introduced in 0.1.23 processes large grammars (>100k characters) at very low rates, and can be used for DOS of model providers. This issue is fixed in version 0.1.24. Mitigation Upgrad...

CVSS 7.5, AI score 6.5, EPSS 0.00495
Exploits: 1, References: 5

NVD
added 2025/09/06 7:15 p.m., 8 views

CVE-2025-58446

xgrammar is an open-source library for efficient, flexible, and portable structured generation. A grammar optimizer introduced in 0.1.23 processes large grammars (>100k characters) at very low rates, and can be used for DOS of model providers. This issue is fixed in version 0.1.24...

CVSS 7.5, EPSS 0.00495
Exploits: 1, References: 2

CVE
added 2025/09/06 7:6 p.m., 27 views

CVE-2025-58446

The CVE-2025-58446 entry concerns xgrammar, an open-source library for structured generation. The root cause is a grammar optimizer introduced in 0.1.23 that processes very large grammars (>100k characters) with very low throughput, enabling denial-of-service against model providers. A fix is ...

CVSS 7.5, AI score 6.3, EPSS 0.00495
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2025/09/06 7:6 p.m., 1 view

CVE-2025-58446 xgrammar vulnerable to denial of service by huge enum grammar

xgrammar is an open-source library for efficient, flexible, and portable structured generation. A grammar optimizer introduced in 0.1.23 processes large grammars (>100k characters) at very low rates, and can be used for DOS of model providers. This issue is fixed in version 0.1.24...

CVSS 6.9, AI score 6.3, EPSS 0.00495
Exploits: 1, References: 2

OSV
added 2025/09/06 7:6 p.m., 5 views

CVE-2025-58446 xgrammar vulnerable to denial of service by huge enum grammar

xgrammar is an open-source library for efficient, flexible, and portable structured generation. A grammar optimizer introduced in 0.1.23 processes large grammars (>100k characters) at very low rates, and can be used for DOS of model providers. This issue is fixed in version 0.1.24...

CVSS 6.9, AI score 6.5, EPSS 0.00495
Exploits: 1, References: 4

Positive Technologies
added 2025/09/05 12:0 a.m., 4 views

PT-2025-36398

Name of the Vulnerable Software and Affected Versions: xgrammar versions 0.1.23. Description: xgrammar is an open-source library for efficient, flexible, and portable structured generation. A grammar optimizer introduced in version 0.1.23 can be exploited to cause a denial-of-service (DOS) attack on...

CVSS 6.9, AI score 6.3, EPSS 0.00495
Exploits: 1, References: 8

OSV
added 2025/08/25 8:43 p.m., 2 views

GHSA-5CMR-4PX5-23PC XGrammar affected by Denial of Service by infinite recursion grammars

Summary: This issue: http://github.com/mlc-ai/xgrammar/issues/250 should have its own security advisory. Since several tools accept and pass user-supplied grammars to xgrammar, and it is so easy to trigger, it seems like a High...

CVSS 8.7, AI score 7.2, EPSS 0.00436
Exploits: 1, References: 5

Github Security Blog
added 2025/08/25 8:43 p.m., 3 views

XGrammar affected by Denial of Service by infinite recursion grammars

Summary: This issue: http://github.com/mlc-ai/xgrammar/issues/250 should have its own security advisory. Since several tools accept and pass user-supplied grammars to xgrammar, and it is so easy to trigger, it seems like a High...

CVSS 8.7, AI score 6.5, EPSS 0.00436
Exploits: 1, References: 5, Affected Software: 1

BDU FSTEC
added 2025/07/17 12:0 a.m., 7 views

The vulnerability of the native code library for analyzing and linearizing PGF grammars lies in its memory management after deallocation. This allows attackers to gain elevated privileges within the system.

The vulnerability of the native code library for analyzing and linearizing PGF grammars is related to the use of memory after deallocation in Decoder.cpp. Exploiting this vulnerability can allow an attacker to gain elevated privileges within the system...

CVSS 10, AI score 7.8, EPSS 0.01908
Exploits: 0, References: 7, Affected Software: 2

OSV
added 2025/04/09 4:15 p.m., 5 views

PYSEC-2025-235

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to 0.1.18, Xgrammar includes a cache for compiled grammars to increase performance with repeated use of the same grammar. This cache is held in memory. Since the cache is unbounded, a system maki...

CVSS 6.5, AI score 5.8, EPSS 0.00434
Exploits: 0, References: 3

PyPA
added 2025/04/09 4:15 p.m., 22 views

PYSEC-2025-235

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to 0.1.18, Xgrammar includes a cache for compiled grammars to increase performance with repeated use of the same grammar. This cache is held in memory. Since the cache is unbounded, a system maki...

CVSS 6.5, AI score 6.5, EPSS 0.00434
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2025/04/09 1:8 p.m., 2 views

GHSA-389X-67PX-MJG3 xgrammar Vulnerable to Denial of Service (DoS) by abusing unbounded cache in memory

Summary: Xgrammar includes a cache for compiled grammars to increase performance with repeated use of the same grammar. This cache is held in memory. Since the cache is unbounded, a system making use of xgrammar can be abused to fill up a host's memory and cause a denial of service. For example,...

CVSS 6.5, AI score 5.8, EPSS 0.00434
Exploits: 0, References: 6

OSV
added 2022/11/07 3:15 p.m., 4 views

CVE-2022-44049

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is 0.1.0...

CVSS 9.8, AI score 6.2, EPSS 0.01012
Exploits: 0, References: 3

NVD
added 2022/11/07 3:15 p.m., 20 views

CVE-2022-44049

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is 0.1.0...

CVSS 9.8, EPSS 0.01012
Exploits: 0, References: 3