{"package":"lightrag-hku","ecosystem":"conda","latest_version":"1.0.8","description":"LightRAG: Simple and Fast Retrieval-Augmented Generation","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://github.com/HKUDS/LightRAG","repository":"","downloads_weekly":126,"health":{"score":52,"risk":"high","breakdown":{"maintenance":25,"popularity":3,"security":16,"maturity":6,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":3,"critical":0,"high":1,"medium":2,"low":0,"details":[{"vuln_id":"CVE-2026-39413","severity":"medium","summary":"lightrag-hku: JWT Algorithm Confusion Vulnerability ","affected_versions":"<1.4.14|=0.0.2|=0.0.3|=0.0.4|=0.0.5|=0.0.6|=0.0.7|=0.0.8|=0.0.9|=1.0.0|=1.0.1|=1.0.3|=1.0.5|=1.0.6|=1.0.8|=1.0.9|=1.1.0|=1.1.1|=1.1.2|=1.1.3|=1.1.4|=1.1.5|=1.1.6|=1.1.7|=1.2.1|=1.2.2|=1.2.3|=1.2.5|=1.2.6|=1.3.0|=1.3.1|=1.3.2|=1.3.3|=1.3.4|=1.3.5|=1.3.6|=1.3.7|=1.3.8|=1.3.9|=1.4.0|=1.4.1|=1.4.10|=1.4.11|=1.4.11rc2|=1.4.12|=1.4.12rc1|=1.4.13|=1.4.13rc1|=1.4.2|=1.4.3|=1.4.4|=1.4.5|=1.4.6|=1.4.7|=1.4.8.1|=1.4.8.2|=1.4.8rc4|=1.4.8rc6|=1.4.8rc7|=1.4.8rc8|=1.4.8rc9|=1.4.9|=1.4.9.1|=1.4.9.10|=1.4.9.11|=1.4.9.2|=1.4.9.3|=1.4.9.4|=1.4.9.4rc1|=1.4.9.5|=1.4.9.6|=1.4.9.7|=1.4.9.8|=1.4.9.9|=1.4.9rc1|=1.4.9rc2|=1.4.9rc3|=1.4.9rc4","fixed_version":"1.4.14","source":"osv","published_at":"2026-04-08T00:17:50Z","in_kev":false,"epss_prob":0.00016,"epss_percentile":0.03695,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-30762","severity":"high","summary":"LightRAG: Hardcoded JWT Signing Secret Allows Authentication Bypass","affected_versions":"<1.4.13|=0.0.2|=0.0.3|=0.0.4|=0.0.5|=0.0.6|=0.0.7|=0.0.8|=0.0.9|=1.0.0|=1.0.1|=1.0.3|=1.0.5|=1.0.6|=1.0.8|=1.0.9|=1.1.0|=1.1.1|=1.1.2|=1.1.3|=1.1.4|=1.1.5|=1.1.6|=1.1.7|=1.2.1|=1.2.2|=1.2.3|=1.2.5|=1.2.6|=1.3.0|=1.3.1|=1.3.2|=1.3.3|=1.3.4|=1.3.5|=1.3.6|=1.3.7|=1.3.8|=1.3.9|=1.4.0|=1.4.1|=1.4.10|=1.4.11|=1.4.11rc2|=1.4.12|=1.4.12rc1|=1.4.13rc1|=1.4.2|=1.4.3|=1.4.4|=1.4.5|=1.4.6|=1.4.7|=1.4.8.1|=1.4.8.2|=1.4.8rc4|=1.4.8rc6|=1.4.8rc7|=1.4.8rc8|=1.4.8rc9|=1.4.9|=1.4.9.1|=1.4.9.10|=1.4.9.11|=1.4.9.2|=1.4.9.3|=1.4.9.4|=1.4.9.4rc1|=1.4.9.5|=1.4.9.6|=1.4.9.7|=1.4.9.8|=1.4.9.9|=1.4.9rc1|=1.4.9rc2|=1.4.9rc3|=1.4.9rc4","fixed_version":"1.4.13","source":"osv","published_at":"2026-04-04T06:14:41Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"CVE-2025-6773","severity":"medium","summary":"HKUDS LightRAG allows Path Traversal via function upload_to_input_dir","affected_versions":"<1.3.8|=0.0.2|=0.0.3|=0.0.4|=0.0.5|=0.0.6|=0.0.7|=0.0.8|=0.0.9|=1.0.0|=1.0.1|=1.0.3|=1.0.5|=1.0.6|=1.0.8|=1.0.9|=1.1.0|=1.1.1|=1.1.2|=1.1.3|=1.1.4|=1.1.5|=1.1.6|=1.1.7|=1.2.1|=1.2.2|=1.2.3|=1.2.5|=1.2.6|=1.3.0|=1.3.1|=1.3.2|=1.3.3|=1.3.4|=1.3.5|=1.3.6|=1.3.7","fixed_version":"1.3.8","source":"osv","published_at":"2025-06-27T21:30:29Z","in_kev":false,"epss_prob":0.00051,"epss_percentile":0.15546,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"1.0.8","total_count":9,"recent":["0.0.7","0.0.8","0.0.9","1.0.0","1.0.1","1.0.3","1.0.5","1.0.6","1.0.8"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":"2024-10-22 03:45:22.680000+00:00","last_published":"2026-04-30 10:01:34.665000+00:00","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["Moderate health score (52/100) — verify manually","1 high severity vulnerabilities"],"use_version":"1.0.8","version_hint":"Update to >= 1.3.8 to fix known vulnerabilities","summary":"lightrag-hku@1.0.8 has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":323,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":9,"first_release_age_days":557,"last_release_days_ago":2,"avg_days_between_releases":70,"release_velocity":"active"}}