lightrag-hku

PyPI2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting lightrag-hkupage 1 of 1

CVE-2025-6773MEDIUMCVSS 5.3EG 5.3✓ Fixed in 1.3.8
2025-06-27
vulnerable: 0.0.2 ... 1.3.7 (36 versions)
A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function upload_to_input_dir of the file lightrag/api/routers/document_routes.py of the component File Upload.…
CVE-2026-39413MEDIUMCVSS 4.2EG 4.2✓ Fixed in 1.4.14
2026-04-08
vulnerable: 0.0.2 ... 1.4.9rc4 (77 versions)
LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.4.14, the LightRAG API is vulnerable to a JWT algorithm confusion attack where an attacker can forge tokens by specifying 'alg': 'none' in the JWT header. Since t…

Check whether lightrag-hku is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for lightrag-hku CVEs against the assets you own.

Start Free Scan →