GHSA-7753-XRFW-CH36 LlamaIndex affected by a Denial of Service (DOS) in JSONReader

A denial of service vulnerability exists in the JSONReader component of the run-llama/llamaindex repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth...

Linux Distros Unpatched Vulnerability : CVE-2019-13103

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitel...

CVE-2025-57809

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite recursion issue in the grammar. This issue has been resolved in version 0.1.21...

Uncontrolled Recursion

Overview xgrammar is an Efficient, Flexible and Portable Structured Generation Affected versions of this package are vulnerable to Uncontrolled Recursion via user supplied grammars involving left recursion. Details Denial of Service DoS describes a family of attacks, all aimed at making a system...

CVE-2025-57809 XGrammar affected by Denial of Service by infinite recursion grammars

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite recursion issue in the grammar. This issue has been resolved in version 0.1.21...

CVE-2025-57809 XGrammar affected by Denial of Service by infinite recursion grammars

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite recursion issue in the grammar. This issue has been resolved in version 0.1.21...

CVE-2025-57809 XGrammar affected by Denial of Service by infinite recursion grammars

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite recursion issue in the grammar. This issue has been resolved in version 0.1.21...

CVE-2025-57809

CVE-2025-57809 affects XGrammar. Prior to 0.1.21, there is an infinite recursion issue in the grammar; this is resolved in version 0.1.21. CVSSv3.1 base score 7.5 (HIGH) with availability impact; CVSS4 base score 8.7 (HIGH) with high availability impact. Remediation: upgrade XGrammar to 0.1.21 or...

XGrammar affected by Denial of Service by infinite recursion grammars

Summary This issue: http://github.com/mlc-ai/xgrammar/issues/250 should have it's own security advisory. Since several tools accept and pass user supplied grammars to xgrammar, and it is so easy to trigger it seems like a High...

GHSA-5CMR-4PX5-23PC XGrammar affected by Denial of Service by infinite recursion grammars

Summary This issue: http://github.com/mlc-ai/xgrammar/issues/250 should have it's own security advisory. Since several tools accept and pass user supplied grammars to xgrammar, and it is so easy to trigger it seems like a High...

Uncontrolled Recursion

Overview llama-index-core is an Interface between LLMs and your data Affected versions of this package are vulnerable to Uncontrolled Recursion via the JSONReader component. An attacker can cause excessive resource consumption and crash the process by submitting deeply nested JSON files...

CVE-2025-5302

A denial of service vulnerability exists in the JSONReader component of the run-llama/llamaindex repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth...

CVE-2025-5302

A denial of service vulnerability exists in the JSONReader component of the run-llama/llamaindex repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth...

CVE-2025-5302

The CVE-2025-5302 affects the JSONReader in run-llama/llama_index v0.12.37, where unconstrained recursion on deeply nested JSON can exhaust Python recursion depth, causing high CPU/memory use and potential DoS. The issue is resolved in v0.12.38. Remediation: upgrade llama_index to 0.12.38 or late...

CVE-2025-5302 Denial of Service (DOS) in JSONReader in run-llama/llama_index

A denial of service vulnerability exists in the JSONReader component of the run-llama/llamaindex repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth...

XGrammar 安全漏洞

XGrammar is a fast, flexible and portable structured generation tool from mlc-ai open source. A security vulnerability exists in XGrammar versions prior to 0.1.21, which stems from an infinite recursion problem in the syntax...

PT-2025-34711 · Xgrammar · Xgrammar

Name of the Vulnerable Software and Affected Versions: XGrammar versions prior to 0.1.21 Description: XGrammar, an open-source library for structured generation, contains an infinite recursion issue within its grammar. This issue was addressed in version 0.1.21. Recommendations: Update to version...

Linux Distros Unpatched Vulnerability : CVE-2019-9192

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the GNU C Library aka glibc or libc6 through 2.29, checkdstlimitscalcpos1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '|\1\1' in grep, ...

PT-2025-34665 · Run Llama · Llama Index

Name of the Vulnerable Software and Affected Versions: run-llama/llama index versions prior to 0.12.38 Description: A denial of service issue exists in the JSONReader component. The issue is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting i...

Linux Distros Unpatched Vulnerability : CVE-2022-28201

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite...