
5 matches found

CNNVD
added 2025/09/06 12:0 a.m. · 2 views

XGrammar security vulnerability

XGrammar is a fast, flexible and portable open-source structured generation tool from mlc-ai. A security vulnerability exists in xgrammar version 0.1.23. It stems from the syntax optimizer being inefficient when processing large grammars, and could lead to a denial of service attack...

CVSS 7.5 · AI score 6.2 · EPSS 0.00154
Exploits: 1 · References: 3

Github Security Blog
added 2025/09/05 9:10 p.m. · 7 views

xgrammar vulnerable to denial of service by huge enum grammar

Summary: Provided grammar, would fit in a context window of most of the models, but takes minutes to process in 0.1.23. In testing with 0.1.16 the parser worked fine so this seems to be a regression caused by Earley parser. Details: Full reproducer provided in the POC section. The resulting grammar...

CVSS 7.5 · AI score 6.9 · EPSS 0.00154
Exploits: 1 · References: 4 · Affected Software: 1

vulnersOsv
added 2025/09/05 9:10 p.m. · 1 views

agentics-py (>=0.0.0 <=0.0.5), caption-flow (>=0.1.0 <=0.4.2) +9 more potentially affected by CVE-2025-58446 via xgrammar (=0.1.23)

xgrammar PYPI version =0.1.23 is affected by a known vulnerability. The following packages have a transitive dependency on xgrammar and may be impacted: - agentics-py =0.0.0, =0.1.0, =1.0.1rc1, =0.0.4, =1.0.0, =0.1.1, =0.2.0, =0.9.2.post1, =0.10.0 Source cves: CVE-2025-58446 Source advisory:...

CVSS 7.5 · AI score 5.8 · EPSS 0.00154
Exploits: 1

Positive Technologies
added 2024/09/23 12:0 a.m. · 17 views

PT-2024-28848 · Doccano · Doccano

Name of the Vulnerable Software and Affected Versions: Doccano Open source annotation tools for machine learning practitioners version 1.8.4 Doccano Auto Labeling Pipeline module to annotate a document automatically version 0.1.23 Description: The issue allows a remote attacker to escalate...

CVSS 6.6 · AI score 7.6 · EPSS 0.00595
Exploits: 0 · References: 9

Positive Technologies
added 2024/09/23 12:0 a.m. · 3 views

PT-2024-28849 · Unknown +1 · Doccano Auto Labeling Pipeline +1

Name of the Vulnerable Software and Affected Versions: Doccano Open source annotation tools for machine learning practitioners version 1.8.4 Doccano Auto Labeling Pipeline module version 0.1.23 Description: An issue in the affected software allows a remote attacker to escalate privileges via a...

CVSS 7.2 · AI score 7.3 · EPSS 0.00497
Exploits: 0 · References: 10