Is lightrag-hku safe to use?

lightrag-hku has 3 known vulnerabilities on the latest version (1.0.8). DepScope rates its health at 52/100 (high risk).

What is the latest version of lightrag-hku?

The latest version of lightrag-hku is 1.0.8, released 2026-04-30.

Does lightrag-hku have known vulnerabilities?

Yes. lightrag-hku has 3 known vulnerabilities. See depscope.dev/pkg/conda/lightrag-hku for details.

Is lightrag-hku deprecated?

No, lightrag-hku is actively maintained. Latest release: 1.0.8 (2026-04-30).

What are alternatives to lightrag-hku?

DepScope has no curated alternatives for lightrag-hku at this time.

What license does lightrag-hku use?

lightrag-hku is licensed under MIT.

lightrag-hku

condav1.0.8

LightRAG: Simple and Fast Retrieval-Augmented Generation

License MITpermissive9 versions1 maintainers0 deps126 weekly dl

/ 100

Health

update required

[email protected] has vulnerabilities — update to latest

Update to >= 1.3.8 to fix known vulnerabilities

Moderate health score (52/100) — verify manually
1 high severity vulnerabilities

Health breakdown0 – 100

25/25

maintenance

3/20

popularity

16/25

security

6/15

maturity

2/15

community

Vulnerabilities

1 high2 medium

Advisories (3)

Severity	ID	Summary	Fixed in
medium	CVE-2026-39413	lightrag-hku: JWT Algorithm Confusion Vulnerability	1.4.14
high	CVE-2026-30762	LightRAG: Hardcoded JWT Signing Secret Allows Authentication Bypass	1.4.13
medium	CVE-2025-6773	HKUDS LightRAG allows Path Traversal via function upload_to_input_dir	1.3.8

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/conda/lightrag-hku

First published · 2024-10-22 03:45:22.680000+00:00

Last updated · 2026-04-30 10:01:34.665000+00:00