VYPR

Llama Index

by Run Llama

CVEs (26)

  • CVE-2024-12911 | Mar 20, 2025
    risk 0.00 | cvss | epss 0.00

    A vulnerability in the `default_jsonalyzer` function of the `JSONalyzeQueryEngine` in the run-llama/llama_index repository allows for SQL injection via prompt injection. This can lead to arbitrary file creation and Denial-of-Service (DoS) attacks. The vulnerability affects the…

  • CVE-2024-12909 | Mar 20, 2025
    risk 0.00 | cvss | epss 0.01

    A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for SQL injection in the `run_sql_query` function of the `database_agent`. This vulnerability can be exploited by an attacker to inject arbitrary SQL queries,…

  • CVE-2024-12910 | Mar 20, 2025
    risk 0.00 | cvss | epss 0.01

    A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlling a URL variable to contain the root URL. This leads to infinite recursive calls to the…

  • CVE-2024-12704 | Mar 20, 2025
    risk 0.00 | cvss | epss 0.01

    A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a thread and retrieves the result via the get_response_gen method of the…

  • CVE-2024-4181 | May 16, 2024
    risk 0.00 | cvss | epss 0.02

    A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a…

  • CVE-2024-3271 | Apr 16, 2024
    risk 0.00 | cvss | epss 0.03

    A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code.…
