pkg:PyPI/llama-index

All known vulnerabilities

• CRITICAL9.8CVE-2025-1793llama_index vulnerable to SQL Injection
  from 0, < 0.12.28
• CRITICAL9.8CVE-2024-45201LlamaIndex includes an exec call for `import {cls_name}`
  from 0, < 0.10.38
• CRITICAL9.8CVE-2024-23751SQL injection in llama-index
  from 0, <= 0.9.35
• CRITICAL9.8CVE-2024-23751SQL injection in llama-index
  from 0, < 0.9.35
• CRITICAL9.8CVE-2023-39662llama-index vulnerable to arbitrary code execution
  from 0, < 0.9.14
• CRITICAL9.8CVE-2023-39662llama-index vulnerable to arbitrary code execution
  from 0, < 0.7.14
• HIGH8.8CVE-2024-4181RunGptLLM class in LlamaIndex has a command injection
  from 0, < 0.10.13
• HIGH7.8CVE-2024-14021LlamaIndex (run-llama/llama_index) versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.load_f…
  from 0, < 0.11.7
• HIGH7.5CVE-2024-58339LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the Va…
  from 0, < 0.12.3
• HIGH7.5CVE-2025-6209LlamaIndex vulnerable to Path Traversal attack through its encode_image function
  from 0, < cdeaab91a204d1c3527f177dac37390327aef274 | >= 0.12.27, < 0.12.41
• HIGH7.5CVE-2025-1752LlamaIndex Vulnerable to Denial of Service (DoS)
  >= 0.12.15, < 0.12.21
• HIGH7.1CVE-2025-7707llama-index has Insecure Temporary File
  from 0, < 0.13.0
• HIGH7.1CVE-2024-12911LlamaIndex vulnerable to Creation of Temporary File in Directory with Insecure Permissions
  from 0, < 0.12.3
• MEDIUM6.5CVE-2025-6211LlamaIndex vulnerable to data loss through hash collisions in its DocugamiReader class
  from 0, < 0.12.41
• MEDIUM5.9CVE-2024-12910LlamaIndex Uncontrolled Resource Consumption vulnerability
  from 0, < 159ce485a1168100bb219dc1b93133f1121579d9 | from 0, < 0.12.9
• MEDIUM5.9CVE-2024-12910LlamaIndex Uncontrolled Resource Consumption vulnerability
  from 0, < 0.12.9