usearch is vulnerable to Exposure of Sensitive Information
45
Medium Risk
The Python bindings resolve single-vector lookups in get_typed_vectors_for_keys by preallocating a 2D NumPy array and calling the underlying index.get without checking its return value. When Index.get is queried with a key that is not present in the index, the corresponding row is left as uninitialized heap memory and returned to the caller instead of None. Applications that query possibly-absent keys can therefore receive residual heap contents that may include previously stored vectors or other in-process data. The fix detects missing keys and returns py::none() for them while keeping a single backing allocation.
You are affected if you are using a version that falls within the vulnerable range and your application retrieves vectors for keys that may not exist in a non-multi USearch index.
usearch is vulnerable to Exposure of Sensitive Information in versions 2.9.0 - 2.25.1.
Upgrade the usearch library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

I consent to receiving marketing communications based on Aikido’s Privacy Policy.
SOC 2Compliant
ISO 27001Compliant