PyPI package
llama-index
pkg:pypi/llama-index
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-7707 | — | — | — | < 0.13.0 | 0.13.0 | Oct 13, 2025 | The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential deni |
| CVE-2025-6211 | — | — | — | < 0.12.41 | 0.12.41 | Jul 10, 2025 | A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, result |
| CVE-2025-1793 | — | — | — | < 0.12.28 | 0.12.28 | Jun 5, 2025 | Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of t |
| CVE-2025-1752 | — | — | — | >= 0.12.15, < 0.12.21 | 0.12.21 | May 10, 2025 | A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting version ~ latest(v0.12.15). The vulnerability arises due to inappropriate secure coding measures, specifically the lack of proper implem |
| CVE-2024-12911 | — | — | — | < 0.12.3 | 0.12.3 | Mar 20, 2025 | A vulnerability in the `default_jsonalyzer` function of the `JSONalyzeQueryEngine` in the run-llama/llama_index repository allows for SQL injection via prompt injection. This can lead to arbitrary file creation and Denial-of-Service (DoS) attacks. The vulnerability affects the la |
| CVE-2024-12910 | — | — | — | < 0.12.9 | 0.12.9 | Mar 20, 2025 | A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlling a URL variable to contain the root URL. This leads to infinite recursive calls to the `get_article_u |
| CVE-2024-4181 | — | — | — | < 0.10.13 | 0.10.13 | May 16, 2024 | A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a mali |
| CVE-2024-23751 | — | — | — | <= 0.9.35 | — | Jan 22, 2024 | LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year's stud |
| CVE-2023-39662 | — | — | — | < 0.9.14 | 0.9.14 | Aug 15, 2023 | An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in PandasQueryEngine function. |
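To turn the affected ranges in the table into an actionable check, here is an added example (not part of this page and not llama-index code) that compares a llama-index version against the specifiers listed above. The `ADVISORIES` mapping is copied from the table; the `0.12.20` fallback used when the package is not installed is a constructed sample version. Note that the table gives no fixed version for CVE-2024-23751, so for that entry the check can only report the affected range.

```python
"""Match a llama-index version against the affected ranges in the table.

Added example; the ADVISORIES mapping is copied from the table above,
the version parser only accepts plain dotted releases, and 0.12.20 is a
constructed sample version used when llama-index is not installed.
"""
import re

ADVISORIES = {
    "CVE-2025-7707": "< 0.13.0",
    "CVE-2025-6211": "< 0.12.41",
    "CVE-2025-1793": "< 0.12.28",
    "CVE-2025-1752": ">= 0.12.15, < 0.12.21",
    "CVE-2024-12911": "< 0.12.3",
    "CVE-2024-12910": "< 0.12.9",
    "CVE-2024-4181": "< 0.10.13",
    "CVE-2024-23751": "<= 0.9.35",   # no fixed version given in the table
    "CVE-2023-39662": "< 0.9.14",
}

_OPS = {
    "<": lambda a, b: a < b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    ">=": lambda a, b: a >= b,
    "==": lambda a, b: a == b,
}


def parse_version(text):
    """Turn '0.12.15' into (0, 12, 15).

    Pre-release and local suffixes are rejected on purpose: silently
    comparing '0.12.15rc1' as 0.12.15 would hide an affected install.
    """
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(p) for p in text.split("."))


def _pad(a, b):
    # Compare '0.13' and '0.13.0' as equal instead of (0, 13) < (0, 13, 0).
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def matches(version, specifier):
    """True if `version` satisfies every comma-separated clause."""
    v = parse_version(version)
    for clause in specifier.split(","):
        m = re.fullmatch(r"\s*(<=|>=|==|<|>)\s*([\d.]+)\s*", clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        lhs, rhs = _pad(v, parse_version(m.group(2)))
        if not _OPS[m.group(1)](lhs, rhs):
            return False
    return True


def affecting(version):
    """CVE IDs from the table whose affected range covers `version`."""
    return [cve for cve, spec in ADVISORIES.items() if matches(version, spec)]


def installed_version():
    """Version of the installed llama-index distribution, or None."""
    from importlib.metadata import PackageNotFoundError, version
    try:
        return version("llama-index")
    except PackageNotFoundError:
        return None


if __name__ == "__main__":
    v = installed_version() or "0.12.20"   # constructed sample fallback
    print(f"llama-index {v}: {affecting(v) or 'no listed CVEs'}")
```

Run it inside the environment whose llama-index you want to assess; the affected ranges apply to the `llama-index` distribution version, so check each virtualenv or container image separately.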
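The CVE-2025-6211 entry describes chunk IDs derived from an MD5 of the chunk text alone, so two structurally distinct chunks with identical text get the same ID. The following added example (not the DocugamiReader code; the `Chunk` type, the path strings and the sample sentences are constructed for illustration) reproduces the collision and shows the fix a practitioner wants: bind the ID to the chunk's position in the document, with length-prefixed fields so the boundaries between document ID, path and text cannot be shifted, and use SHA-256.

```python
"""Chunk-ID collisions from text-only hashing, and a position-bound ID.

Added example, not llama-index code. Chunk, the path strings and the
sample text are constructed for illustration.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Chunk:
    doc_id: str
    path: str   # structural position of the chunk inside the document
    text: str


def weak_chunk_id(chunk):
    """Text-only MD5: any two chunks with the same text collide,
    regardless of where in the document they sit."""
    return hashlib.md5(chunk.text.encode("utf-8")).hexdigest()


def strong_chunk_id(chunk):
    """SHA-256 over (doc_id, path, text), each field length-prefixed.

    The length prefix matters: without it, ("ab", "c") and ("a", "bc")
    would hash the same bytes.
    """
    h = hashlib.sha256()
    for field in (chunk.doc_id, chunk.path, chunk.text):
        data = field.encode("utf-8")
        h.update(len(data).to_bytes(4, "big"))
        h.update(data)
    return h.hexdigest()


def index_chunks(chunks, id_fn):
    """Build an id -> chunk map and report the chunks lost to collisions.

    Mirrors what a keyed store does on a duplicate ID: the later chunk
    overwrites the earlier one, and nothing raises.
    """
    index, dropped = {}, []
    for chunk in chunks:
        cid = id_fn(chunk)
        if cid in index:
            dropped.append(chunk)
        index[cid] = chunk
    return index, dropped


# Constructed sample: the same boilerplate sentence appears in two
# different sections of one document.
SAMPLE = [
    Chunk("doc-1", "/body/section[1]/p[1]", "Introduction to the product."),
    Chunk("doc-1", "/body/section[1]/p[2]", "See terms and conditions."),
    Chunk("doc-1", "/body/section[7]/p[3]", "See terms and conditions."),
]

if __name__ == "__main__":
    for name, fn in (("md5(text)", weak_chunk_id), ("sha256(doc,path,text)", strong_chunk_id)):
        index, dropped = index_chunks(SAMPLE, fn)
        print(f"{name}: {len(index)} ids kept, {len(dropped)} chunks silently dropped")
```

The lesson generalises beyond this reader: any ID that is a function of content alone will merge every repeated passage (legal boilerplate, headers, disclaimers) into one record, so retrieval returns one location and loses the rest.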
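Three of the entries above (CVE-2024-23751, CVE-2025-1793 and CVE-2024-12911) share a root cause: SQL produced from model output, which may itself be steered by prompt injection, is executed against the database. Here is an added example (not llama-index code) of the control a practitioner wants underneath any Text-to-SQL engine, using SQLite's authorizer to refuse anything but plain reads before the statement runs, and a progress-handler budget so a runaway statement cannot hang the process. The `students` table and the sample queries are constructed; the same idea applies to other databases through a read-only role.

```python
"""Read-only execution of model-generated SQL with SQLite.

Added example, not llama-index code. The students table and the
sample queries are constructed for illustration.
"""
import sqlite3

# Actions a plain read legitimately needs. Everything else (INSERT,
# UPDATE, DELETE, DROP, CREATE, PRAGMA, ATTACH, ...) is refused at
# prepare time. ATTACH matters: in SQLite it is one way a statement can
# create a file on disk.
_READ_ONLY_ACTIONS = {
    sqlite3.SQLITE_SELECT,
    sqlite3.SQLITE_READ,
    sqlite3.SQLITE_FUNCTION,
}


def _read_only_authorizer(action, arg1, arg2, db_name, trigger_or_view):
    return sqlite3.SQLITE_OK if action in _READ_ONLY_ACTIONS else sqlite3.SQLITE_DENY


def lock_read_only(conn):
    """Install the authorizer; do this after the schema and data exist."""
    conn.set_authorizer(_read_only_authorizer)
    return conn


def run_generated_sql(conn, sql, max_vm_steps=1_000_000):
    """Execute one model-generated statement.

    Returns (rows, None) on success or (None, error) when the authorizer
    refused the statement, the step budget was exhausted, or the string
    held more than one statement (sqlite3 rejects stacked statements).
    """
    remaining = [max_vm_steps]

    def _budget():
        remaining[0] -= 1000           # invoked every 1000 VM instructions
        return remaining[0] < 0        # a truthy return aborts the statement

    conn.set_progress_handler(_budget, 1000)
    try:
        return conn.execute(sql).fetchall(), None
    except sqlite3.DatabaseError as exc:   # covers "not authorized" and "interrupted"
        return None, str(exc)
    finally:
        conn.set_progress_handler(None, 0)


def sample_db():
    """Constructed in-memory database, locked down after seeding."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE students(id INTEGER PRIMARY KEY, name TEXT, year INTEGER);
        INSERT INTO students VALUES (1, 'Ada', 2024), (2, 'Bob', 2023);
        """
    )
    return lock_read_only(conn)


if __name__ == "__main__":
    conn = sample_db()
    for sql in (
        "SELECT name FROM students WHERE year = 2024",
        "DELETE FROM students WHERE year = 2024",
        "ATTACH DATABASE '/tmp/anything.db' AS x",
    ):
        rows, err = run_generated_sql(conn, sql)
        print(f"{sql!r} -> {rows if err is None else 'refused: ' + err}")
```

Two caveats. The authorizer is a capability filter, not a tenancy boundary: a read-only connection that can see every tenant's rows still allows the cross-user reads the CVE-2025-1793 entry describes, so scope the connection (a per-tenant database, a view, or a database role) to the data the calling user may see. And the step budget bounds CPU time inside the statement only; keep the usual request timeout around the engine as well.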