VYPR

Lightrag

by Hkuds

CVEs (2)

  • CVE-2025-6773 | Med | Jun 27, 2025
    risk 0.27 | cvss 5.3 | epss 0.00

    A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function upload_to_input_dir of the file lightrag/api/routers/document_routes.py of the component File Upload. The manipulation of the argument…

  • CVE-2026-39413 | Med | Apr 8, 2026
    risk 0.20 | cvss 4.2 | epss 0.00

    LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.4.14, the LightRAG API is vulnerable to a JWT algorithm confusion attack where an attacker can forge tokens by specifying 'alg': 'none' in the JWT header. Since the jwt.decode() call does not explicitly…