pkg:PyPI/llama-index-core

10 total CVEsCRITICAL3HIGH4MEDIUM3

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.8CVE-2024-45201LlamaIndex includes an exec call for `import {cls_name}`
    from 0, < 0.10.38
  • CRITICAL9.8CVE-2024-3271llama-index-core Command Injection vulnerability
    from 0, < 0.10.24
  • CRITICAL9.8CVE-2024-3098llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution
    from 0, < 0.10.24
  • HIGH8.6CVE-2025-5302LlamaIndex affected by a Denial of Service (DOS) in JSONReader
    from 0, < 0.12.38
  • HIGH7.5CVE-2025-6209LlamaIndex vulnerable to Path Traversal attack through its encode_image function
    >= 0.11.23, < 0.12.41
  • HIGH7.5CVE-2024-12704LlamaIndex Improper Handling of Exceptional Conditions vulnerability
    from 0, < 0.12.6
  • HIGH7.3CVE-2025-7647llama-index-core insecurely handles temporary files
    from 0, < 0.13.0
  • MEDIUM6.5CVE-2025-5472LlamaIndex vulnerable to DoS attack through uncontrolled recursive JSON parsing
    from 0, < 0.12.38
  • MEDIUM5.3CVE-2025-6208llama-index-core vulnerable to Uncontrolled Resource Consumption
    from 0, < 0.12.41
  • MEDIUM5.0CVE-2025-3108LlamaIndex has Incomplete Documentation of Program Execution related to JsonPickleSerializer component
    >= 0.11.15, < 0.12.41