PyPI package
xgrammar
pkg:pypi/xgrammar
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-25048 | — | | | < 0.1.32 | 0.1.32 | Mar 5, 2026 | xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault (core dumped). This issue has been patched in version 0.1.32. |
| CVE-2025-58446 | — | | | >= 0.1.23, < 0.1.24 | 0.1.24 | Sep 6, 2025 | xgrammar is an open-source library for efficient, flexible, and portable structured generation. A grammar optimizer introduced in 0.1.23 processes large grammars (>100k characters) at very low rates, and can be used for DOS of model providers. This issue is fixed in version 0.1.2 |
| CVE-2025-57809 | — | | | < 0.1.21 | 0.1.21 | Aug 25, 2025 | XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite recursion issue in the grammar. This issue has been resolved in version 0.1.21. |
| CVE-2025-32381 | Med | 6.5 | | < 0.1.18 | 0.1.18 | Apr 9, 2025 | XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to 0.1.18, Xgrammar includes a cache for compiled grammars to increase performance with repeated use of the same grammar. This cache is held in memory. Since the cache is unbound |