VYPR

PyPI package

llama-index-readers-obsidian

pkg:pypi/llama-index-readers-obsidian

Vulnerabilities (2)

  • CVE-2025-6210MedJul 7, 2025
    affected < 0.5.2fixed 0.5.2

    A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, specifically in version 0.12.27, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as /etc/passwd, by explo

  • CVE-2025-3046HigJul 7, 2025
    affected < 0.5.1fixed 0.5.1

    A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The `ObsidianReader` fails to resolve symlinks to their real paths and does not validate whether the resolved