GHSA-5cmr-4px5-23pc

Source
https://github.com/advisories/GHSA-5cmr-4px5-23pc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-5cmr-4px5-23pc/GHSA-5cmr-4px5-23pc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-5cmr-4px5-23pc
Aliases
Published
2025-08-25T20:43:45Z
Modified
2025-08-26T17:58:16.912224Z
Severity
  • 7.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
Summary
XGrammar affected by Denial of Service by infinite recursion grammars
Details

Summary

This issue, http://github.com/mlc-ai/xgrammar/issues/250, should have its own security advisory. Since several tools accept user-supplied grammars and pass them to xgrammar, and the condition is so easy to trigger, it seems like a High.
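The advisory's point is that front ends forward user-supplied grammars to xgrammar without checking whether they can ever terminate (CWE-674, uncontrolled recursion). The block below is an added example written for this page; it is not xgrammar's code, not the fix shipped in 0.1.21, and it does not reproduce the grammar from issue #250. It assumes a deliberately small GBNF-like subset (`name ::= alt | alt`, alternatives made of rule names and double-quoted terminals; no repetition operators, groups or character classes), and all sample grammars in it are constructed. It runs two classic grammar checks a tool could apply before compiling: a productivity fixed point that finds rules with no base case, and a unit-cycle search for rules that loop back to themselves without consuming input.

```python
import re

# Constructed sample grammars in a small GBNF-style subset (assumption for this
# example; xgrammar's own EBNF dialect is richer and is not parsed here).
SAFE_GRAMMAR = '''
root ::= item | item "," root
item ::= "a" | "b"
'''

# No alternative of root is free of root itself: it can never terminate.
NO_BASE_CASE_GRAMMAR = '''
root ::= "x" root
'''

# Every rule is productive, but a ::= b ::= a is a loop that consumes no input.
UNIT_CYCLE_GRAMMAR = '''
root ::= a | "z"
a ::= b | "q"
b ::= a
'''

NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_-]*")
TOKEN_RE = re.compile(r'"(?:[^"\\]|\\.)*"|[A-Za-z_][A-Za-z0-9_-]*|\|')


def is_terminal(sym):
    return sym.startswith('"')


def parse_grammar(text):
    """Return {rule: [[symbol, ...], ...]}; terminals keep their quotes.

    Any character that is not a token is rejected, so the checker never silently
    disagrees with the real compiler about what a line contains.
    """
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        name, sep, body = line.partition("::=")
        name = name.strip()
        if not sep or not NAME_RE.fullmatch(name) or TOKEN_RE.sub("", body).strip():
            raise ValueError(f"malformed rule: {raw!r}")
        alts, cur = [], []
        for tok in TOKEN_RE.findall(body):
            if tok == "|":
                alts.append(cur)
                cur = []
            else:
                cur.append(tok)
        alts.append(cur)
        rules.setdefault(name, []).extend(alts)
    return rules


def unproductive_rules(rules):
    """Rules that can never derive a finite string of terminals.

    Fixed point: a rule becomes productive once one of its alternatives consists
    only of terminals and rules already known to be productive. Whatever is left
    (including anything that references an undefined rule) can only expand forever.
    """
    productive = set()
    while True:
        newly = {name for name, alts in rules.items() if name not in productive
                 and any(all(is_terminal(s) or s in productive for s in alt) for alt in alts)}
        if not newly:
            return set(rules) - productive
        productive |= newly


def unit_cycles(rules):
    """Rules reachable from themselves via single-name alternatives (a ::= b, b ::= a).

    Such a loop consumes no input, so a recursive expander that follows it can
    recurse without bound even though productivity alone says the rules are fine.
    """
    unit = {name: {alt[0] for alt in alts if len(alt) == 1 and not is_terminal(alt[0])}
            for name, alts in rules.items()}
    cyclic = set()
    for start in unit:
        stack, seen = list(unit[start]), set()
        while stack:
            cur = stack.pop()
            if cur == start:
                cyclic.add(start)
                break
            if cur in seen or cur not in unit:
                continue
            seen.add(cur)
            stack.extend(unit[cur])
    return cyclic


def validate_grammar(text, root="root"):
    """Return a sorted list of problems; an empty list means the grammar may be forwarded."""
    rules = parse_grammar(text)
    problems = []
    if root not in rules:
        problems.append(f"missing start rule {root!r}")
    undefined = {s for alts in rules.values() for alt in alts for s in alt
                 if not is_terminal(s) and s not in rules}
    problems += [f"undefined rule {s!r}" for s in sorted(undefined)]
    problems += [f"rule {n!r} cannot terminate" for n in sorted(unproductive_rules(rules))]
    problems += [f"rule {n!r} is in a unit cycle" for n in sorted(unit_cycles(rules))]
    return problems


if __name__ == "__main__":
    for label, g in [("safe", SAFE_GRAMMAR), ("no base case", NO_BASE_CASE_GRAMMAR),
                     ("unit cycle", UNIT_CYCLE_GRAMMAR)]:
        print(label, validate_grammar(g) or "ok")
```

This is defence in depth for a front end, not a substitute for upgrading to 0.1.21: the checker parses only the subset it understands and raises on anything else, so a grammar it accepts is one it actually analysed, but a divergence between this subset and the real compiler's grammar dialect would still leave the compiler as the last line of defence.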

Database specific
{
    "cwe_ids": [
        "CWE-674"
    ],
    "nvd_published_at": "2025-08-25T22:15:33Z",
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-25T20:43:45Z",
    "severity": "HIGH"
}
References

Affected packages

PyPI / xgrammar

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.1.21

Affected versions

0.*

0.1.0
0.1.1
0.1.2
0.1.3
0.1.4rc2
0.1.4
0.1.5rc1
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9
0.1.10
0.1.11
0.1.12
0.1.13
0.1.14
0.1.15
0.1.16
0.1.17
0.1.18
0.1.19
0.1.20