llama-index
PyPI13 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting llama-indexpage 1 of 1
- CVE-2023-39662CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.7.142023-08-15
vulnerable: 0.4.10 ... 0.7.9 (136 versions)
An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in PandasQueryEngine function.
- CVE-2024-12910MEDIUMCVSS 5.9EG 5.9✓ Fixed in 0.12.92025-03-20
vulnerable: 0.10.0 ... v0.3.1 (614 versions)
A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlling a URL variable to contain the root URL. This leads to infin…
- CVE-2024-12911HIGHCVSS 7.1EG 7.1✓ Fixed in 0.12.32025-03-20
vulnerable: 0.10.0 ... 0.9.9 (424 versions)
A vulnerability in the `default_jsonalyzer` function of the `JSONalyzeQueryEngine` in the run-llama/llama_index repository allows for SQL injection via prompt injection. This can lead to arbitrary file creation and Denial-of-Service (DoS) …
- CVE-2024-14021HIGHCVSS 7.8EG 7.8✓ Fixed in 0.11.72026-01-12
vulnerable: 0.10.0 ... 0.9.9 (404 versions)
LlamaIndex (run-llama/llama_index) versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.load_from_disk() in llama_index/indices/managed/bge_m3/base.py. The function uses pickle.load() to deseria…
- CVE-2024-23751CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.9.352024-01-22
vulnerable: 0.4.10 ... 0.9.9 (309 versions)
LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker…
- CVE-2024-4181HIGHCVSS 8.8EG 8.8✓ Fixed in 0.10.132024-05-16
vulnerable: 0.10.0 ... 0.9.9 (340 versions)
A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper …
- CVE-2024-45201HIGHCVSS 8.8EG 8.8✓ Fixed in 0.10.382024-08-22
vulnerable: 0.10.0 ... 0.9.9 (365 versions)
An issue was discovered in llama_index before 0.10.38. download/integration.py includes an exec call for import {cls_name}.
- CVE-2024-58339HIGHCVSS 7.5EG 7.5✓ Fixed in 0.12.32026-01-12
vulnerable: 0.10.0 ... 0.9.9 (424 versions)
LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query() logic generates SQL statements from a us…
- CVE-2025-1752HIGHCVSS 7.5EG 7.5✓ Fixed in 0.12.212025-05-10
vulnerable: 0.12.15 ... 0.12.20 (6 versions)
A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting version ~ latest(v0.12.15). The vulnerability arises due to inappropriate secure coding measure…
- CVE-2025-1793CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.12.282025-06-05
vulnerable: 0.10.0 ... 0.9.9 (449 versions)
Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data o…
- CVE-2025-6209HIGHCVSS 7.5EG 7.5✓ Fixed in 0.12.412025-07-07
vulnerable: 0.12.27 ... 0.12.40 (14 versions)
A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the `encode_image` function in `generic_utils.py`. This vulnerability allows an attacker to manipulate the `image_path` in…
- CVE-2025-6211MEDIUMCVSS 6.5EG 6.5✓ Fixed in 0.12.412025-07-10
vulnerable: 0.10.0 ... 0.9.9 (462 versions)
A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally disti…
- CVE-2025-7707HIGHCVSS 7.8EG 7.8✓ Fixed in 0.13.02025-10-13
vulnerable: 0.10.0 ... 0.9.9 (474 versions)
The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt N…
Check whether llama-index is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for llama-index CVEs against the assets you own.
Start Free Scan →