VYPR

PyPI package

llama-index-retrievers-duckdb-retriever

pkg:pypi/llama-index-retrievers-duckdb-retriever

Vulnerabilities (1)

  • CVE-2024-11958Mar 20, 2025
    affected < 0.4.0fixed 0.4.0

    A SQL injection vulnerability exists in the `duckdb_retriever` component of the run-llama/llama_index repository, specifically in the latest version. The vulnerability arises from the construction of SQL queries without using prepared statements, allowing an attacker to inject ar