Run Llama: All CVEs (VYPR vendor CVE listing)

26 total · sorted by risk
  • CVE-2024-3098 · Critical · Apr 10, 2024
    risk 0.57 · cvss 9.8 · epss 0.01

    A vulnerability was identified in the `exec_utils` class of the `llama_index` package, specifically within the `safe_eval` function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be…

  • CVE-2025-5302 · High · Aug 25, 2025
    risk 0.49 · cvss 8.6 · epss 0.00

    A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its…

  • CVE-2025-7647 · High · Sep 27, 2025
    risk 0.40 · cvss 7.3 · epss 0.00

    The llama-index-core package, up to version 0.12.44, contains a vulnerability in the `get_cache_dir()` function where a predictable, hardcoded directory path `/tmp/llama_index` is used on Linux systems without proper security controls. This vulnerability allows attackers on…

  • CVE-2025-6208 · Medium · Feb 2, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    The `SimpleDirectoryReader` component in `llama_index.core` version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit (`num_files_limit`) is applied after all files in a…

  • CVE-2024-14021 · Jan 12, 2026
    risk 0.00 · cvss n/a · epss 0.00

    LlamaIndex (run-llama/llama_index) versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.load_from_disk() in llama_index/indices/managed/bge_m3/base.py. The function uses pickle.load() to deserialize multi_embed_store.pkl from a…

  • CVE-2024-58339 · Jan 12, 2026
    risk 0.00 · cvss n/a · epss 0.01

    LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query() logic generates SQL statements from a user-supplied prompt and executes them via…

  • CVE-2025-7707 · Oct 13, 2025
    risk 0.00 · cvss n/a · epss 0.00

    The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential…

  • CVE-2025-6211 · Jul 10, 2025
    risk 0.00 · cvss n/a · epss 0.00

    A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text,…

  • CVE-2025-6209 · Jul 7, 2025
    risk 0.00 · cvss n/a · epss 0.01

    A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the `encode_image` function in `generic_utils.py`. This vulnerability allows an attacker to manipulate the `image_path` input to read arbitrary files on the…

  • CVE-2025-5472 · Jul 7, 2025
    risk 0.00 · cvss n/a · epss 0.00

    The JSONReader in run-llama/llama_index versions 0.12.28 is vulnerable to a stack overflow due to uncontrolled recursive JSON parsing. This vulnerability allows attackers to trigger a Denial of Service (DoS) by submitting deeply nested JSON structures, leading to a…

  • CVE-2025-6210 · Jul 7, 2025
    risk 0.00 · cvss n/a · epss 0.00

    A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, specifically in version 0.12.27, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as /etc/passwd, by…

  • CVE-2025-3046 · Jul 7, 2025
    risk 0.00 · cvss n/a · epss 0.01

    A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The `ObsidianReader` fails to resolve symlinks to their real paths and does not validate whether the…

  • CVE-2025-3044 · Jul 7, 2025
    risk 0.00 · cvss n/a · epss 0.00

    A vulnerability in the ArxivReader class of the run-llama/llama_index repository, versions up to v0.12.22.post1, allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may…

  • CVE-2025-3225 · Jul 7, 2025
    risk 0.00 · cvss n/a · epss 0.00

    An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llama_index repository, specifically affecting version v0.12.21. This vulnerability allows an attacker to supply a malicious Sitemap XML, leading to a…

  • CVE-2025-3108 · Jul 6, 2025
    risk 0.00 · cvss n/a · epss 0.00

    A critical deserialization vulnerability exists in the run-llama/llama_index library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module.…

  • CVE-2025-1793 · Jun 5, 2025
    risk 0.00 · cvss n/a · epss 0.01

    Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of…

  • CVE-2025-1750 · Jun 2, 2025
    risk 0.00 · cvss n/a · epss 0.01

    An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker to manipulate the ref_doc_id parameter, enabling them to read and write arbitrary files on the server, potentially…

  • CVE-2025-1753 · May 28, 2025
    risk 0.00 · cvss n/a · epss 0.01

    LLama-Index CLI version v0.12.20 contains an OS command injection vulnerability. The vulnerability arises from the improper handling of the `--files` argument, which is directly passed into `os.system`. An attacker who controls the content of this argument can inject and execute…

  • CVE-2025-1752 · May 10, 2025
    risk 0.00 · cvss n/a · epss 0.00

    A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting version ~ latest (v0.12.15). The vulnerability arises due to inappropriate secure coding measures, specifically the lack of proper…

  • CVE-2024-11958 · Mar 20, 2025
    risk 0.00 · cvss n/a · epss 0.01

    A SQL injection vulnerability exists in the `duckdb_retriever` component of the run-llama/llama_index repository, specifically in the latest version. The vulnerability arises from the construction of SQL queries without using prepared statements, allowing an attacker to inject…

  • CVE-2024-12911 · Mar 20, 2025
    risk 0.00 · cvss n/a · epss 0.00

    A vulnerability in the `default_jsonalyzer` function of the `JSONalyzeQueryEngine` in the run-llama/llama_index repository allows for SQL injection via prompt injection. This can lead to arbitrary file creation and Denial-of-Service (DoS) attacks. The vulnerability affects the…

  • CVE-2024-12909 · Mar 20, 2025
    risk 0.00 · cvss n/a · epss 0.01

    A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for SQL injection in the `run_sql_query` function of the `database_agent`. This vulnerability can be exploited by an attacker to inject arbitrary SQL queries,…

  • CVE-2024-12910 · Mar 20, 2025
    risk 0.00 · cvss n/a · epss 0.01

    A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlling a URL variable to contain the root URL. This leads to infinite recursive calls to the…

  • CVE-2024-12704 · Mar 20, 2025
    risk 0.00 · cvss n/a · epss 0.01

    A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a thread and retrieves the result via the get_response_gen method of the…

  • CVE-2024-4181 · May 16, 2024
    risk 0.00 · cvss n/a · epss 0.02

    A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a…

  • CVE-2024-3271 · Apr 16, 2024
    risk 0.00 · cvss n/a · epss 0.03

    A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code.…